MFA enabled - Android fully managed shared device

LewisTaylor · ‎Sep 24 2019

I have been enrolling a large number of android devices in Intune. I currently have MFA setup on my account and during the enrolment process of the fully managed devices, it prompts MFA to approve my sign in for enrolling the device.

My question is, in 30 days when MFA wants me to sign in again will the prompt occur on the enrolled device? I am enrolling these devices on behalf of users as my account is a device enrollment manager account. This account has MFA enabled, but surely once a device has been enrolled it will not prompt for MFA again? Does anybody know?

eglockling · ‎Sep 25 2019

@LewisTaylor It will depend on how you are enforcing MFA. Are you using Conditional Access? If so, set the policy to require MFA, require device to be marked as compliant, and then only require one of the selected controls. This will continue to prompt unmanaged devices for MFA initially until they enroll and become compliant. After that, they will no longer be prompted for MFA.

Philip Büchler · ‎Oct 14 2019

And if you are not using "Conditional Access" (which you should) it would trigger MFA whenever a user hits an Office 365 service.

MFA enabled - Android fully managed shared device

MFA enabled - Android fully managed shared device

Re: MFA enabled - Android fully managed shared device

Re: MFA enabled - Android fully managed shared device

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

MFA enabled - Android fully managed shared device

MFA enabled - Android fully managed shared device

Re: MFA enabled - Android fully managed shared device

Re: MFA enabled - Android fully managed shared device