Running into an issue due to enabling "Allow users to remember multi-factor authentication" and setting it to "60 days". This allows our users to click 'remember' and not get prompted every single time they access SharePoint.


However, now the iPhones refuse to accept App Passwords. Instead you need to tap "Sign in" and use your AD credentials, then enter the generated code that is texted to you and check "Don't ask for 60 days". Which is fine, except now every 60 days users are not getting mail and have no clue which username/pass they need to fix this.


In the past, before enabling that SharePoint/Azure feature to allow 'remember', they just needed an App Password once and their email worked forever. No hassle.


Seems we can either choose convenience for SharePoint or iOS. Surely there is a way to have both? Older users who have been given phones prior to this switch are working just fine with App Passwords. It's just the ones being set up afterwards.

