Forum Discussion

Alex Melching's avatar
Alex Melching
Iron Contributor
Aug 02, 2018

Office 365 MFA Enabled Users and the Apple Mail app for iOS Concern

Office 365 MFA and the Apple Mail app for iOS concern? We ourselves and several customers using Office 365 have noticed a recent issue with the Apple Mail app for iOS when Office 365 MFA is enabled. ...
Authentication
office 365
vortiz's avatar
vortiz
Copper Contributor
Jun 03, 2019

snorma01 I have run into this issue as well. Most all iPhone users have the MFA loop and i cannot seem to figure out hot to stop it. Because some users refuse to use the Outlook app 

snorma01's avatar
snorma01
Copper Contributor
Jun 03, 2019

vortiz Yes my only current workaround for MFA users is to have them use the Outlook app. But I also have my users register their devices using Office 365 MDM (Intune Company Portal app). This automatically adds the account to the default iOS mail app, but it doesn't work for MFA users because it is not configured with OAuth/modern authentication, and this causes all kinds of problems for the users. I believe the full version of Intune MDM has an option to enable OAuth now, but it hasn't been addressed in Office 365 MDM for whatever reason. If this could be fixed it would be easy for users to set up their email in the default mail app when they register their devices. With MFA being recommended for all users these days, it's ridiculous that Office 365 MDM doesn't support it!

  • SPOM1's avatar
    SPOM1
    Brass Contributor
    Jul 12, 2019

    So what is the current state for Office 365 users? We don't use MDM at this point and I'm just starting to dig into it, and have only a couple we need to set up MFA for at the moment (eventually we will migrate over everyone, but it’s going to be a very training-intensive organization). I can't force them to use Outlook, so I want to have Mail working. And how often is MFA re-authentication requested (can it be configured to daily)?

    • ChrisWebbTech's avatar
      ChrisWebbTech
      MVP
      Jul 12, 2019
      Mail supports MFA, I use it all the time with MFA and no app passwords are required. Not sure on the daily auth thou, I'm going to assume it will take whatever you have your token refresh in your tenant set to for MFA
      • snorma01's avatar
        snorma01
        Copper Contributor
        Jul 12, 2019

        ChrisWebbTech SPOM1 What still doesn't work is deploying iOS mail profiles using Office 365 MDM and the Intune Company Portal app, for MFA users. The Office 365 MDM profiles don't support OAuth/Modern Authentication. I opened a support case on this because I consider it to be a bug for a Microsoft product to not support MFA in 2019, but support told me it wasn't supported yet and we'll have to wait for them to prioritize this. Completely ridiculous that this hasn't been fixed yet, if you ask me.

Resources