Forum Discussion
Problem with supervised mode and MFA Text
Hi Jeff Harlow, are you still experiencing this issue?
Could you also expand on how the devices are enrolled and configured?:
- Enrollment Method used
- DEP with/without User Affinity
- Apple Configurator
- Are you deploying a Device Restriction profile such as Single App Mode/Kiosk?
Thanks!
Intune Support Team
^MS
- Jeff HarlowNov 13, 2019Iron Contributor
I am using DEP with User Affinity. I actually received a response from Microsoft stating this was not supported with the user account has MFA enabled.
- Intune_Support_TeamNov 14, 2019Microsoft
Hi Jeff Harlow, thanks for the clarification!
Today, MFA is not supported for DEP during the enrollment process as there is no way to send an MFA prompt to the device during the setup assistant.Sorry that this isn't available yet today, and I'm sure you know that we're always improving the service. There is an existing Intune UserVoice item you may want to add your vote to: https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/17163317-mfa-doesn-t-work-with-apple-dep-with-intune.
As a possible workaround, using the Company Portal as an authentication method may work in instances where you'd like to use MFA, prompt users who need to change their password when they first sign in, or prompt users to reset their expired passwords during enrollment.More information can be found here: Create an Apple enrollment profile.
Hope this helps!
Intune Support Team^MS
- Jeff HarlowNov 14, 2019Iron Contributor
Actually you cannot use the Company Portal solution either when isolating it with a MFA account. The MFA text message or phone call will not be visible or answerable when the Company Portal app is open and since you cannot switch the app, it renders that solution as invalid. This has been confirmed by Intune Support. Intune_Support_Team