Forum Discussion

Copper Contributor

Feb 01, 2023

Solved

Bypassing MFA during device enrolment when using per-user MFA

Hi all, I have a customer that is currently using legacy MFA (per user) set to enforced and already configured for all users. They are piloting an Intune deployment but have hit a snag when i...

Conditional Access

Intune

MFA

Moe_Kinani
Feb 02, 2023
No challenges, very similar to the old device administrator enrolment. I just rolled out for users don’t like personal profiles.

Sorry, I’m against disabling MFA or making exclusion for users or apps.

Moe

https://youtu.be/-JqMjUf-dcA

Moe_Kinani

Bronze Contributor

Feb 02, 2023

What kind of Android Enrollment your customers is using?

I would recommend using Corporate Owned Dedicated Devices (Company Owned Devices), it should enroll via Bar Code with no need to sign in.

Moe

https://www.inthecloud247.com/how-to-start-with-android-enterprise-corporate-owned-dedicated-devices-in-microsoft-intune/

ethanchal
Copper Contributor
Feb 02, 2023
Hi Moe, thanks for your reply.

They are using Corporate Owned Fully Managed at the moment and handing devices out to clients for access to M365 apps. I will look further into Dedicated Devices but do you envisage any obvious challenges when it comes to typical day-to-day usage of this enrolment approach when the device will be used for personal use and not kiosk-type scenarios?

The only other option we've come up with is to manually disable MFA during enrolment and re-enable it afterward.

Thanks
Ethan
- Moe_Kinani
  Bronze Contributor
  Feb 02, 2023
  No challenges, very similar to the old device administrator enrolment. I just rolled out for users don’t like personal profiles.
  
  Sorry, I’m against disabling MFA or making exclusion for users or apps.
  
  Moe
  
  https://youtu.be/-JqMjUf-dcA