Intune Company Portal and Microsoft Authenticator App on iOS

%3CLINGO-SUB%20id%3D%22lingo-sub-1565837%22%20slang%3D%22en-US%22%3EIntune%20Company%20Portal%20and%20Microsoft%20Authenticator%20App%20on%20iOS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1565837%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20trying%20to%20enroll%20our%20iOS%20devices%20into%20EndPoint%20Manager.%26nbsp%3B%20We%20have%20run%20into%20an%20issue%20if%20the%20device%20is%20already%20using%20the%20Microsoft%20Authenticator%20App.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20user%20launches%20the%20Intune%20Company%20Portal%20app%20and%20is%20able%20to%20login%20just%20fine.%26nbsp%3B%20This%20begins%20the%20process%20of%20enrolling%20the%20device%20with%20EndPoint%20Manager.%26nbsp%3B%20When%20it%20proceeds%20to%20the%20second%20step%20where%20it%20needs%20to%20download%20the%20management%20profile%2C%20the%20user%20is%20prompted%20to%20login%20again.%26nbsp%3B%20The%20login%20process%20switches%20over%20to%20the%20Microsoft%20Authenticator%20App%20and%20seems%20to%20process%20normally.%26nbsp%3B%20After%20the%20user%20confirms%20the%20MFA%20challenge%20the%20Authenticator%20App%20goes%20to%20white%20a%20screen%20and%20never%20proceeds.%26nbsp%3B%20If%20you%20switch%20back%20to%20the%20Intune%20Company%20Portal%2C%20it%20reports%20an%20error%20and%20asks%20to%20retry%20or%20close.%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20error%20reported%20from%20the%20Intune%20Company%20Portal%20app%20indicates%20that%20the%20app%20data%20may%20be%20corrupted%20and%20needs%20to%20be%20reinstalled.%26nbsp%3B%20This%20has%20been%20attempted%20but%20nothing%20changes%20in%20the%20process.%3CBR%20%2F%3E%3CBR%20%2F%3EAdditionally%2C%20we%20have%20removed%20the%20Authenticator%20App%20from%20the%20user%20so%20it%20is%20no%20longer%20associated%20with%20the%20user%20and%20is%20no%20longer%20an%20option%20as%20an%20MFA%20method.%26nbsp%3B%20This%20still%20did%20not%20make%20any%20improvements.%3CBR%20%2F%3E%3CBR%20%2F%3EWe%20did%20eventually%20get%20the%20process%20to%20complete%20by%20fully%20removing%20the%20Microsoft%20Authenticator%20app%20from%20the%20device.%3CBR%20%2F%3E%3CBR%20%2F%3EIs%20this%20the%20normal%20process%3F%26nbsp%3B%20What%20is%20the%20correct%20way%20to%20enroll%20a%20device%20with%20EndPoint%20Manager%20if%20the%20Microsoft%20Authenticator%20App%20is%20already%20installed%20on%20the%20device%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1565837%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1566360%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20Company%20Portal%20and%20Microsoft%20Authenticator%20App%20on%20iOS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1566360%22%20slang%3D%22en-US%22%3E%3CP%3EHI%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F749389%22%20target%3D%22_blank%22%3E%40Chas_1735%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20think%20after%20you%20sign%20in%20with%20Auth%20app%2C%20you%20need%20to%20go%20back%20to%20Setting%20tab%20in%20your%20IOS%2C%20where%20you%20see%20the%20enrollment%20profile%20waiting%20to%20be%20installed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHere%20is%20a%20good%20guide%20on%20how%20to%20enroll%20your%20IOS%20device%20with%20Company%20Portal.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20this%20helps!%3C%2FP%3E%3CP%3EMoe%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fuser-help%2Fenroll-your-device-in-intune-ios%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fuser-help%2Fenroll-your-device-in-intune-ios%3C%2FA%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Pic15.png%22%20style%3D%22width%3A%20216px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F210320i0D40793582FBF717%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22Pic15.png%22%20alt%3D%22Pic15.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1569340%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20Company%20Portal%20and%20Microsoft%20Authenticator%20App%20on%20iOS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1569340%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F503735%22%20target%3D%22_blank%22%3E%40Moe_Kinani%3C%2FA%3E%3C%2FP%3E%3CP%3EIt%20doesn't%20get%20that%20far.%26nbsp%3B%20The%20process%20stops%20just%20before%20the%20profile%20would%20be%20downloaded.%26nbsp%3B%20It%20looks%20like%20it%20is%20having%20issues%20processing%20the%20login%20to%20start%20the%20profile%20download.%26nbsp%3B%20I%20suspect%20it%20is%20something%20between%20the%20handoffs%20between%20the%20Intune%20Company%20Portal%20app%20and%20the%20Microsoft%20Authenticator%20app.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20the%20suggestion.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1569752%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20Company%20Portal%20and%20Microsoft%20Authenticator%20App%20on%20iOS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1569752%22%20slang%3D%22en-US%22%3EThis%20article%20talks%20about%20IOS%20versions%2C%20have%20you%20tried%20upgrading%20the%20device%20to%20the%20latest%20iOS%20version%20and%20enroll%20again%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1570249%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20Company%20Portal%20and%20Microsoft%20Authenticator%20App%20on%20iOS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1570249%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F749389%22%20target%3D%22_blank%22%3E%40Chas_1735%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%2C%20If%20MFA%20is%20configured%20and%20you%20are%20removing%20Auth%20App%20from%20device%20than%20thats%20not%20going%20to%20help%2C%20so%20in%20case%20you%20have%20removed%20Auth%20app%20from%20device%20than%20please%20go%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fuser-help%2Fsecurity-info-setup-auth-app%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CU%3E%3CSTRONG%3Eaka.ms%2Fmfasetup%3C%2FSTRONG%3E%3C%2FU%3E%3C%2FA%3E%26nbsp%3B%20log%20in%20using%20your%20corporate%20email%20ID%20and%20delete%20the%20Auth%20App%20device%20(as%20shown%20in%20pic).%20once%20done%20than%20freshly%20configure%20Auth%20App%20in%20your%20device%20and%20once%20configured%20successfully%20proceed%20with%20company%20portal%20enrollment.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22I_am_Rajesh_0-1596707803814.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F210597i2BDEEF97F325E1DE%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22I_am_Rajesh_0-1596707803814.png%22%20alt%3D%22I_am_Rajesh_0-1596707803814.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Efor%20fresh%20setup%20of%20Auth%20App%20please%20follow%20this%20article..%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fuser-help%2Fsecurity-info-setup-auth-app%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fuser-help%2Fsecurity-info-setup-auth-app%26nbsp%3B%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

We are trying to enroll our iOS devices into EndPoint Manager.  We have run into an issue if the device is already using the Microsoft Authenticator App.

 

The user launches the Intune Company Portal app and is able to login just fine.  This begins the process of enrolling the device with EndPoint Manager.  When it proceeds to the second step where it needs to download the management profile, the user is prompted to login again.  The login process switches over to the Microsoft Authenticator App and seems to process normally.  After the user confirms the MFA challenge the Authenticator App goes to white a screen and never proceeds.  If you switch back to the Intune Company Portal, it reports an error and asks to retry or close.

The error reported from the Intune Company Portal app indicates that the app data may be corrupted and needs to be reinstalled.  This has been attempted but nothing changes in the process.

Additionally, we have removed the Authenticator App from the user so it is no longer associated with the user and is no longer an option as an MFA method.  This still did not make any improvements.

We did eventually get the process to complete by fully removing the Microsoft Authenticator app from the device.

Is this the normal process?  What is the correct way to enroll a device with EndPoint Manager if the Microsoft Authenticator App is already installed on the device?

4 Replies
Highlighted

HI @Chas_1735,

 

I think after you sign in with Auth app, you need to go back to Setting tab in your IOS, where you see the enrollment profile waiting to be installed.

 

Here is a good guide on how to enroll your IOS device with Company Portal. 

 

Hope this helps!

Moe

 

https://docs.microsoft.com/en-us/mem/intune/user-help/enroll-your-device-in-intune-iosPic15.png

Highlighted

@Moe_Kinani

It doesn't get that far.  The process stops just before the profile would be downloaded.  It looks like it is having issues processing the login to start the profile download.  I suspect it is something between the handoffs between the Intune Company Portal app and the Microsoft Authenticator app.

 

Thanks for the suggestion. 

Highlighted
This article talks about IOS versions, have you tried upgrading the device to the latest iOS version and enroll again?
Highlighted

@Chas_1735 

Hi, If MFA is configured and you are removing Auth App from device than thats not going to help, so in case you have removed Auth app from device than please go to aka.ms/mfasetup  log in using your corporate email ID and delete the Auth App device (as shown in pic). once done than freshly configure Auth App in your device and once configured successfully proceed with company portal enrollment.

 

I_am_Rajesh_0-1596707803814.png

 

for fresh setup of Auth App please follow this article..  https://docs.microsoft.com/en-us/azure/active-directory/user-help/security-info-setup-auth-app