Two factor authentication and Android mail client


Good evening all.  

 

We are having a weird issue where, when we turn on two factor authentication for our Office 365 tenant via the Azure AD portal, the base Android email application will no longer connect to our tenant. Only when we turn off 2FA will the Android devices synchronize.

 

The Android devices are Samsungs. The oldest is a Samsung S7 with the latest patches and OS.

 

The logs are not showing any errors, so we are a bit stumped as to why this is occurring.  

 

If anyone has any ideas on how to resolve, please let us know, before we push this out to our whole organization!

 

Many thanks,

 

JR

10 Replies

The built-in mail app on Android does NOT support MFA. Use the Outlook app instead. Or if you insist on using the mail app, you will have to create an app password (really not recommended).

That confirms my own suspicions, thank you! In terms of the default mail app on iPhones, should we expect to see the same scenario?

The iOS one actually supports MFA, since two versions now.

Has anybody else seen issues with this? I am just starting the MFA journey, and Samsung devices in my test user group have had to remove their mail profile; upon recreation the issue seems to be resolved. My worry is: in 14 days, when MFA kicks in, will the mail connection die again?

@Vasil Michev 

@John Rule 

The solution is to establish an app password in your profile/account and use this instead of your standard password.

@Ole_Johnny 

 

I have put a lot more testing into this and there is unfortunately no fix for Android devices using native email that are managed by a corporate MDM platform (AirWatch and Intune in my case).

 

As you say, the app password does work, but I am trying to avoid this as we don't want to manage them, and they do not change without a manual process, so not very secure.

 

The ideal is that MDMs can force OAuth requests to Android, but this does not seem to be supported at the Android layer. Apple do have it with iOS, though, and it works.

 

The only other options I have worked out are:

1 - Register the device via ActiveSync for email, but it's not then managed.

2 - Use the Outlook client for Android; this creates a massive change control issue as 99% use the native email client.

 

Thanks for your reply though ;) 
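The worry raised in this thread, that mail will silently stop for anyone still on the native client once MFA is enforced, can be checked ahead of the cut-over from the sign-in logs rather than waiting for users to report it. The following is an added example, not code from the thread or from Microsoft: a small Python triage script over a JSON sign-in log export. It assumes the export carries the Entra ID sign-in log field names (`userPrincipalName`, `clientAppUsed`, `status.errorCode`, `deviceDetail.operatingSystem`) and that legacy protocols are reported with the `clientAppUsed` strings listed in `LEGACY_CLIENTS`; the sample records are constructed.

```python
import json
from collections import defaultdict

# Client types that cannot complete an interactive MFA prompt. Assumption: the
# export reports legacy protocols with these clientAppUsed strings.
LEGACY_CLIENTS = {
    "Exchange ActiveSync",   # native Android mail client
    "IMAP4",
    "POP3",
    "Authenticated SMTP",
    "Other clients",
}

# Constructed sample export: one user still on the native Android client over
# ActiveSync (one success, one failure), one on the Outlook app, one in a browser.
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Exchange ActiveSync",
     "appDisplayName": "Office 365 Exchange Online", "status": {"errorCode": 0},
     "deviceDetail": {"operatingSystem": "Android"}},
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Exchange ActiveSync",
     "appDisplayName": "Office 365 Exchange Online", "status": {"errorCode": 50076},
     "deviceDetail": {"operatingSystem": "Android"}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "Mobile Apps and Desktop clients",
     "appDisplayName": "Outlook Mobile", "status": {"errorCode": 0},
     "deviceDetail": {"operatingSystem": "Android"}},
    {"userPrincipalName": "carol@example.com", "clientAppUsed": "Browser",
     "appDisplayName": "Office 365 Exchange Online", "status": {"errorCode": 0},
     "deviceDetail": {"operatingSystem": "Windows 10"}},
])


def load_signins(export_text):
    """Parse a JSON array of sign-in records as exported from the portal."""
    return json.loads(export_text)


def legacy_auth_report(records):
    """Group legacy-protocol sign-ins by user.

    Returns {upn: {"success": n, "failure": n, "clients": set, "os": set}}.
    A non-zero status.errorCode is treated as a failed sign-in (sample value
    is constructed; only zero vs non-zero matters here).
    """
    report = defaultdict(lambda: {"success": 0, "failure": 0, "clients": set(), "os": set()})
    for rec in records:
        client = rec.get("clientAppUsed", "")
        if client not in LEGACY_CLIENTS:
            continue
        entry = report[rec.get("userPrincipalName", "<unknown>")]
        failed = rec.get("status", {}).get("errorCode", 0) != 0
        entry["failure" if failed else "success"] += 1
        entry["clients"].add(client)
        entry["os"].add(rec.get("deviceDetail", {}).get("operatingSystem", "unknown"))
    return dict(report)


def users_to_migrate(records):
    """Sorted list of users who will lose mail when legacy auth is blocked by MFA."""
    return sorted(legacy_auth_report(records))


if __name__ == "__main__":
    signins = load_signins(SAMPLE_EXPORT)
    for upn, info in legacy_auth_report(signins).items():
        print(f"{upn}: {info['success']} ok / {info['failure']} failed via "
              f"{', '.join(sorted(info['clients']))} on {', '.join(sorted(info['os']))}")
```

Run against a real export, the list from `users_to_migrate` is the set of people to move to the Outlook app (or, if you accept the trade-off discussed above, to an app password) before the enforcement date; the per-user failure count rises sharply once MFA is enforced, which is the same signal the original poster saw as "just stops syncing".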

@garethsweeney 

 

As a follow-up, we ended up just recommending that people download and use the Outlook client application. The app password idea mystified users in our organization and was really hard for them to use. We pitched the idea as creating a separate mail app, segregating your work life (Outlook app) and your home life (default mail app). We've had many people within the org thank us for this concept.

I prefer to have all my calendars in one place, and I prefer the folder (sub folders) handling in the native Android mail client.

If I disable MFA and go back to the point we had no issues, what am I risking?

@KCox61 Greetings, I did not see a reply to your question, so if I may. MFA will not affect the functionality if you get it working, and it is usually a one-time deal.

 

What is at risk: should someone gain access to your credentials, they will be able to use them on any device to access your emails and your Office account as a whole.

 

In today's world it is almost a necessary evil to use MFA.

 

That being said, I use Apple and Android products, and I prefer to use Outlook as there are no sync issues with my desktop calendars, contacts, etc.

 

Hope this is helpful

@jp1960 Good evening all. I want to thank you all, as you have answered part of my question, but I have a second part that I have a bad feeling I am not going to get the answer I want to hear.

 

So I use Verizon email for all of what I consider my professional mail, as I have been on FiOS for years. Not really trying to change that either. A few years back Verizon decided they did not want to handle their email anymore, so they moved it over to AOL, who they own. Wasn't thrilled about it, but it wasn't a huge deal at the time. The past two days I started seeing intermittent issues with my email. I use the thick Outlook client on my Windows desktops. Come to find out today that AOL is implementing mandatory OAuth2. While the Outlook solution for Android should work for my phone, is there any way to do MFA with a Windows Outlook thick client that would be more or less an out-of-the-box solution? I really don't want to use AOL's webmail. In my opinion anything AOL might as well be malware. I don't see a way to use the Outlook 2019 desktop client with mandatory OAuth2.