Recently we turned on Azure MFA, assigning it to O365 Exchange Online Cloud App and only applying it to Browser clients. This would force anyone using browser to access their mailbox to be prompted for 2 factor authentication. One thing we did not expect is for this to break our current Intune Outlook mobile users compliance. Outlook Mobile now is being evaluated as compliant although the device isn't MDM enrolled. When discussing this with Microsoft they were able to reproduce this in-house and have determined this to be a code defect.