I well imagined this would already be a well discussed topic on here, but does anyone know if Microsoft/Apple are working on getting iOS devices to work with the device enrolment program and MFA.
we have our environment setup to prompt for MFA if coming from an untrusted IP atm, which the iOS devices come under when enrolling, so the users are promoted for credentials during enrollment, but can’t continue because the MFA on their account prevents the authentication processes continuing.
iv read on MS tech net that this is expected, and they advise disabling MFA (dumb advise) to allow the enrolment, then re-enable, but this kinda makes a joke of trying to use the DEP program to simplify user enrolment.
has anyone heard of any progress being made on a solution for this problem, or a workaround...?
We have the exact same problem at the moment. I have spoken with engineers at Microsoft who have said they are fully aware of the issues with DEP and MFA and are working on resolving this.
Apple can't/won't support MFA during the DEP portion of Setup Assistant on the device, so Microsoft are having to get inventive to essentially work around this limitation while still keeping the ease and flexibility of a DEP setup and not compromise security.
Stay posted to the What's New. I've heard from others that something may be coming within the next month or so to finally resolve this.