Home

Multiple conditional access / MFA questions

%3CLINGO-SUB%20id%3D%22lingo-sub-330852%22%20slang%3D%22en-US%22%3EMultiple%20conditional%20access%20%2F%20MFA%20questions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-330852%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20configured%20Conditional%20Access%20to%20require%20MFA%20when%20connecting%20to%20O365%20services.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20have%20some%20qustions%20about%20this%2C%20all%20seems%20to%20work%20fine.%20But%3B%3C%2FP%3E%3CP%3E-%20The%20Native%20iOS%20mail%20app%20for%20some%20users%20seem%20to%20work%20for%20one%20day%20only%2C%20they%20stop%20syncing%20and%20are%20not%20asking%20for%20MFA%20%2F%20credentials.%20All%20devices%20have%20iOS%2012%2B.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20The%20windows%20%2F%20mac%20devices%20are%20not%20Azure%20AD%20joined%2C%20so%20Teams%2C%20Outlook%20and%20OneDrive%20are%20all%20requiring%20MFA.%20I've%20added%20the%20ability%20to%20remember%20MFA%20on%20devices%20they%20trust%20for%2030%20days.%20But%2C%20for%20example%20for%20teams%20there%20is%20no%20options%20to%20remember%20this%20for%2030%20days%2C%20is%20this%20bound%20to%20a%20device%3F%20So%20if%20you%20choose%20'remember%20for%2030%20day's'%20on%20Outlook%20it%20will%20remember%20it%20for%20all%20apps%3F%20If%20yes%2C%20do%20they%20need%20to%20enter%20MFA%20for%20all%20apps%20every%2030%20days%3F%20Or%2C%20if%20no%20do%20they%20need%20to%20enter%20MFA%20every%20day%3F%20(doesnt%20seem%20so).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20I%20can't%20test%20this%20right%20now%20but%20people%20tell%20me%20they%20did%20%3CSTRONG%3Enot%3C%2FSTRONG%3E%20choose%20'remember%20for%2030%20day's'%20and%20did%20not%20had%20to%20enter%20MFA%20today.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EConditional%20access%20is%20setups%20as%20(see%20attachment)%3CBR%20%2F%3E%3CBR%20%2F%3EDoes%20this%20have%20anything%20to%20do%20with%20tokens%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers..%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-330852%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Emfa%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMulti-Factor%20Authentication%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-331700%22%20slang%3D%22en-US%22%3ERe%3A%20Multiple%20conditional%20access%20%2F%20MFA%20questions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-331700%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Niels%2C%3CBR%20%2F%3E%3CBR%20%2F%3EDid%20you%20configure%20the%20iOS%20native%20mail%20app%20manually%20(where%20you%20have%20to%20type%20in%20server%20information)%20or%20did%20you%20choose%20%22sign%20in%22%3F%20I%20believe%20if%20you%20choose%20%22sign%20in%22%20then%20the%20native%20client%20will%20use%20modern%20authentication%20to%20authenticate%20and%20work%20with%20MFA.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EI%20can%20recommend%20watching%20this%20MFA%20video%20from%20last%20years%20Ignite%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dx7W3vjpF8y4%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dx7W3vjpF8y4%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3ERegards%2C%3C%2FP%3E%3CP%3ENicklas%3C%2FP%3E%3C%2FLINGO-BODY%3E
Niels de Jager
Occasional Contributor

Hi all,

 

I've configured Conditional Access to require MFA when connecting to O365 services.

I have some qustions about this, all seems to work fine. But;

- The Native iOS mail app for some users seem to work for one day only, they stop syncing and are not asking for MFA / credentials. All devices have iOS 12+.

 

- The windows / mac devices are not Azure AD joined, so Teams, Outlook and OneDrive are all requiring MFA. I've added the ability to remember MFA on devices they trust for 30 days. But, for example for teams there is no options to remember this for 30 days, is this bound to a device? So if you choose 'remember for 30 day's' on Outlook it will remember it for all apps? If yes, do they need to enter MFA for all apps every 30 days? Or, if no do they need to enter MFA every day? (doesnt seem so).

 

- I can't test this right now but people tell me they did not choose 'remember for 30 day's' and did not had to enter MFA today.


Conditional access is setups as (see attachment)

Does this have anything to do with tokens?

 

Cheers..

1 Reply

Hi Niels,

Did you configure the iOS native mail app manually (where you have to type in server information) or did you choose "sign in"? I believe if you choose "sign in" then the native client will use modern authentication to authenticate and work with MFA.


I can recommend watching this MFA video from last years Ignite:

https://www.youtube.com/watch?v=x7W3vjpF8y4



Regards,

Nicklas

Most organizations have understood the need for securing cloud identities with a second factor of authentication like Azure Multi-Factor Authentication (MFA). Still, a lot are doing it wrong. It is not complicated to do Azure MFA the right way with using Microsoft Intune and conditional access ...
Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Extentions Synchronization
ChirmyRam in Discussions on
3 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies