Feb 01 2023 10:59 AM
Hi all,
I have a customer that is currently using legacy MFA (per user) set to enforced and already configured for all users.
They are piloting an Intune deployment but have hit a snag when it comes to Android enrolment, as signing in for the first time requires the user to verify their identity with an MFA SMS code. However, when the device is in this provisioning stage it cannot receive SMS messages, so the MFA request (and enrolment) cannot be completed without the help of a second device, which isn't always an option.
I'm aware you can solve this by moving over to Azure MFA with CA policies that exclude Intune Enrolment but this isn't practical for them right now.
Is there an alternative way to prevent an MFA request during the device enrolment process when using Legacy MFA?
Feb 01 2023 05:16 PM - edited Feb 01 2023 05:17 PM
What kind of Android enrollment is your customer using?
I would recommend using Corporate Owned Dedicated Devices (Company Owned Devices), it should enroll via Bar Code with no need to sign in.
Moe
https://www.inthecloud247.com/how-to-start-with-android-enterprise-corporate-owned-dedicated-devices...
Feb 02 2023 07:34 AM
Feb 02 2023 07:41 AM - edited Feb 02 2023 07:44 AM
Solution
No challenges, very similar to the old device administrator enrolment. I just rolled it out for users who don’t like personal profiles.
Sorry, I’m against disabling MFA or making exclusions for users or apps.
Moe