Aug 04 2020 12:18 PM
Aug 04 2020 12:18 PM
We are trying to enroll our iOS devices into EndPoint Manager. We have run into an issue if the device is already using the Microsoft Authenticator App.
The user launches the Intune Company Portal app and is able to login just fine. This begins the process of enrolling the device with EndPoint Manager. When it proceeds to the second step where it needs to download the management profile, the user is prompted to login again. The login process switches over to the Microsoft Authenticator App and seems to process normally. After the user confirms the MFA challenge the Authenticator App goes to white a screen and never proceeds. If you switch back to the Intune Company Portal, it reports an error and asks to retry or close.
The error reported from the Intune Company Portal app indicates that the app data may be corrupted and needs to be reinstalled. This has been attempted but nothing changes in the process.
Additionally, we have removed the Authenticator App from the user so it is no longer associated with the user and is no longer an option as an MFA method. This still did not make any improvements.
We did eventually get the process to complete by fully removing the Microsoft Authenticator app from the device.
Is this the normal process? What is the correct way to enroll a device with EndPoint Manager if the Microsoft Authenticator App is already installed on the device?
Aug 04 2020 08:00 PM
I think after you sign in with Auth app, you need to go back to Setting tab in your IOS, where you see the enrollment profile waiting to be installed.
Here is a good guide on how to enroll your IOS device with Company Portal.
Hope this helps!
Aug 05 2020 02:31 PM
It doesn't get that far. The process stops just before the profile would be downloaded. It looks like it is having issues processing the login to start the profile download. I suspect it is something between the handoffs between the Intune Company Portal app and the Microsoft Authenticator app.
Thanks for the suggestion.
Aug 05 2020 09:36 PM
Aug 06 2020 02:57 AM
Hi, If MFA is configured and you are removing Auth App from device than thats not going to help, so in case you have removed Auth app from device than please go to aka.ms/mfasetup log in using your corporate email ID and delete the Auth App device (as shown in pic). once done than freshly configure Auth App in your device and once configured successfully proceed with company portal enrollment.
for fresh setup of Auth App please follow this article.. https://docs.microsoft.com/en-us/azure/active-directory/user-help/security-info-setup-auth-app