LewisTaylor
Copper Contributor
Sep 24, 2019

MFA enabled - Android fully managed shared device

I have been enrolling a large number of Android devices in Intune. I currently have MFA set up on my account and during the enrolment process of the fully managed devices, it prompts MFA to approve my sign in for enrolling the device.

My question is, in 30 days when MFA wants me to sign in again will the prompt occur on the enrolled device? I am enrolling these devices on behalf of users as my account is a device enrollment manager account. This account has MFA enabled, but surely once a device has been enrolled it will not prompt for MFA again? Does anybody know?

  • eglockling
    Steel Contributor

    LewisTaylor It will depend on how you are enforcing MFA. Are you using Conditional Access? If so, set the policy to require MFA, require device to be marked as compliant, and then only require one of the selected controls. This will continue to prompt unmanaged devices for MFA initially until they enroll and become compliant. After that, they will no longer be prompted for MFA.

    • Philip Büchler
      Brass Contributor
      And if you are not using "Conditional Access" (which you should) it would trigger MFA whenever a user hits an Office 365 service.
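
The policy described in the replies above, as an added example that is not part of the original thread: a request body in the shape of a Microsoft Graph `conditionalAccessPolicy` with the two grant controls joined by `OR`, plus a simplified model of how that operator decides whether a sign-in still gets an MFA prompt. The display name, the all-users/all-apps scope, the `signin` dictionary and the helper functions are assumptions made for illustration.

```python
import json

# Request body in the shape of a Microsoft Graph conditionalAccessPolicy.
# displayName and the all-users/all-apps scope are constructed for illustration.
POLICY = {
    "displayName": "EXAMPLE - MFA or compliant device",
    "state": "enabledForReportingButNotEnforced",  # report-only while testing
    "conditions": {
        "users": {"includeUsers": ["All"]},
        "applications": {"includeApplications": ["All"]},
    },
    "grantControls": {
        "operator": "OR",  # "require one of the selected controls"
        "builtInControls": ["mfa", "compliantDevice"],
    },
}


def unmet_controls(policy, signin):
    """Return the controls the sign-in still has to satisfy ([] = access granted).

    signin is a simplified, hypothetical view of a sign-in:
    {"mfa_done": bool, "device_compliant": bool}.
    """
    satisfied = {
        "mfa": signin["mfa_done"],
        "compliantDevice": signin["device_compliant"],
    }
    grant = policy["grantControls"]
    missing = [c for c in grant["builtInControls"] if not satisfied[c]]
    if grant["operator"] == "OR":
        # Any one satisfied control is enough.
        return [] if len(missing) < len(grant["builtInControls"]) else missing
    return missing  # "AND": every control is required


def needs_mfa_prompt(policy, signin):
    """True when MFA is among the ways left to satisfy the policy."""
    return "mfa" in unmet_controls(policy, signin)


if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    for label, s in [
        ("enrolling, not yet compliant", {"mfa_done": False, "device_compliant": False}),
        ("enrolled and compliant", {"mfa_done": False, "device_compliant": True}),
    ]:
        print(label, "-> MFA prompt:", needs_mfa_prompt(POLICY, s))
```

Changing the operator to `AND` in this model makes the compliant device prompt for MFA as well, which is the difference the "only require one of the selected controls" setting controls.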