Automatic enrolment into Intune and MFA using MS Authenticator

Hi all,

Another question. So, we are starting to go down the MFA and Intune route and need some help.

We are using the MS Authenticator app on our mobile phone fleet (iPhone) and have run into a curly issue. We use Apple DEP so that as soon as a new phone, or existing iPhone is wiped, it automatically downloads the Company Portal app, runs it and prompts the user to log in with their email address.

Our issue is that if that user has MFA configured they are NOT able to get past the point where they either have to go to the MS Authenticator app to approve, try the TXT method or phone call (you can see the call showing but you are unable to actually accept the call).

The only way we have found to get around this is to disable the user's MFA in the O365 admin portal, get them to sign in to the Company Portal app on their phone to complete the enrolment, then re-enable their MFA and get them to redo the MFA process.

Is the above correct or are we missing something obvious?

1 Reply

Currently, MFA doesn't work during enrollment on DEP devices, and the solution is to disable MFA, and then re-enroll the device.

More information from the Troubleshoot iOS device enrollment problems page: https://docs.microsoft.com/en-us/intune/enrollment/troubleshoot-ios-enrollment-errors

But there are other scenarios (new ones) that allow Intune to skip user authentication through the iOS Setup Assistant and, instead, use modern authentication, and it depends on your scenario.

https://support.microsoft.com/en-gb/help/4493320/cannot-access-company-resources-on-a-dep-device