Forum Discussion

Copper Contributor

Feb 03, 2018

Intune for iOS DEP devices with MFA

I well imagined this would already be a well discussed topic on here, but does anyone know if Microsoft/Apple are working on getting iOS devices to work with the device enrolment program and MFA. ...

Intune

mobile device management (mdm)

Enzoz

Copper Contributor

Apr 24, 2020

Daniel Hudson

I have a customer that does not have any conditional access rules, MFA is not enabled however during enrollment they get an MFA Prompt. There are no rules created anywhere and the only place we get a prompt is during enrollment.

Why? sounds like a bug

Thijs Lecomte

Bronze Contributor

Apr 26, 2020

Could you check Azure Active Directory - Devices - Device Settings - Require multi-factor to join devices

Is this a new tenant?

Enzoz
Copper Contributor
Apr 26, 2020
Thijs Lecomte

would you mind elaborating more? are you talking about the config profiles?

This is an existing tenant with new intune - co-management setup.
There are zero conditional access rules and the only compliance is for jailbroken devices.

the users do not get MFA challenge for anything other than the company portal enrollment login. (I do not know where this MFA challenge is coming from.)
- Thijs Lecomte
  Bronze Contributor
  Apr 26, 2020
  Please navigate to portal.azure.com.
  
  Open 'Azure Active Directory', click devices, then 'Device Settings' and check which value 'Require multi-factor to join devices' has
  - Enzoz
    Copper Contributor
    Apr 26, 2020
    Thijs Lecomte
    
    I think you nailed it! it must be a setting my customer did not realize they setup.
    
    its greyed out for me but Ill have my customer test. I sure that is it!
    
    Thanks sooooo much!