Forum Discussion
James Sabia
Jun 23, 2018 (Copper Contributor)
Intune - iOS Mail Profile with Azure MFA
Having issues setting up a Device Configuration Profile with Intune. I created a Profile to deploy a Mail Profile for iOS devices to connect to Office 365 mailbox. The profile deploys properly but wh...
Stephen Normandin
Sep 24, 2018 (Copper Contributor)
I updated my phone to iOS 12 and attempted the Intune Company Portal deployment again, but it still does not seem to support MFA. Am I doing something wrong, or is an Intune Company Portal update required to support MFA? Has anyone gotten deployment of MFA accounts to work since iOS 12 was released?
Robert Woods
Sep 26, 2018 (Steel Contributor)
We also tried applying the Intune Company Portal deployment today after updating all IT dept phones to iOS 12. Can confirm it still does not work. We fell back to conditional access for MFA based on Intune policy compliance instead, which is easier on the phone users anyway.
- Pasquale Perrotta, Oct 02, 2018 (Copper Contributor)
Robert, can you provide more information on how you set up conditional access for MFA based on Intune policy compliance? We also had to fall back; however, many of our Intune clients are getting hung up and need to be re-enrolled.
Thanks
- Robert Woods, Oct 02, 2018 (Steel Contributor)
I followed this blog by the Great Paul Cunningham
At the bottom there is an addendum; need to also consider this:
https://practical365.com/blog/azure-active-directory-conditional-access-device-state/
- Pasquale Perrotta, Oct 02, 2018 (Copper Contributor)
Robert, when you say you fell back, what was the mechanism you used? PowerShell?
Thanks
- Jeff Harlow, Sep 26, 2018 (Iron Contributor)
Very strange. We upgraded our IT phones to iOS 12, then downloaded the portal. Was able to authenticate, and the mail profile deployed to our devices. On deployment, I received a prompt that I needed to update my password settings. Clicked it, and it jumped to the mail settings, where the action button was "update your password". Clicked it, and it went directly over to OAuth to authenticate and verify my identity with MFA. Mail successful. Accounts do not have conditional access but MFA is enabled.
- Robert Woods, Sep 26, 2018 (Steel Contributor)
Our experience - Users updated to iOS 12 and latest version of comp portal available.
Intune profiles to add mail to default app and comp portal were installed on all devices and in use for the past 6 mos. I did not make the users delete the policy and re-enroll.
I go to the portal and Enforce MFA on selected users.
Users proactively go to https://aka.ms/MFASetup and enroll authenticator with push notification. Setup is successful.
Users open mail app on LTE or away from known good IPs and it fails to connect to server. NO popup Approval from Authenticator.
Users open Outlook app for testing and are prompted for MFA immediately in Authenticator.
- Stephen Normandin, Sep 26, 2018 (Copper Contributor)
We are Office 365 only, no Azure AD, so conditional access isn't an option for us. Until MDM deployment works properly with MFA, it is very difficult to use both together. Hopefully it is supported soon...