Sep 14 2020 11:50 PM - edited Sep 14 2020 11:55 PM
MFA and disabling legacy auth.
what actually 'happens' on an end-users device (iPhone)
1) where the user sync mail with exchange ActiveSync - and uses the native mail client - (I'm guessing if outlook mobile is used there's no problem?).
2) and what happens when MFA is enabled - are the end-users then needed to switch to use App password?
Sep 15 2020 12:36 AM
@Taen keren Hi, I usually don't work with these questions but, yes you're right as Outlook for iOS use modern authentication. When modern authentication is enabled app passwords aren't required.
ADAL-based authentication is what Outlook for iOS and Android uses to access Exchange Online mailboxes
https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-...
You can enroll the devices with one-time MFA prompt, if that's what you are looking for.
'Require multi-factor authentication for Intune device enrollments'
https://docs.microsoft.com/en-us/mem/intune/enrollment/multi-factor-authentication
Sep 15 2020 08:16 AM
SolutionBoth the native Mail app and Outlook support modern auth/MFA, so you should be fine.
Sep 15 2020 08:27 AM
@Vasil Michev - thx, why do I see a lot of entries in the CA insight, that phones are using legacy auth. ?
Sep 15 2020 09:17 AM - edited Sep 15 2020 10:05 AM
So I’ll just disable the EAS? - Then all is good? Mail app and outlook mobile app then finds modern auth. ?
Sep 15 2020 09:24 AM
Sep 15 2020 10:07 AM
@ChristianBergstrom - thx, if I look at the link there's this below - but never heard the Get- cmdlet actually sets a setting ?!
Get-OrganizationConfig | Format-Table Name,OAuth* -Auto
Sep 15 2020 10:30 AM
@Taen keren Hi, hmm a bit odd yes. That you use to verify if it's enabled or disabled (didn't read the entire post to be honest).
I think we can lean back on @Vasil Michev reply. That is, if you turn EAS off (basic authentication) you should be fine as they will use modern authentication OAuth/ADAL. But as always, do some testing on a few before.
Sep 15 2020 08:16 AM
SolutionBoth the native Mail app and Outlook support modern auth/MFA, so you should be fine.