MFA
6 Topics

Bypassing MFA during device enrolment when using per-user MFA
Hi all, I have a customer that is currently using legacy MFA (per user) set to enforced and already configured for all users. They are piloting an Intune deployment but have hit a snag when it comes to Android enrolment, as signing in for the first time requires the user to verify their identity with an MFA SMS code. However, when the device is in this provisioning stage, the device cannot receive SMS messages, therefore the MFA request (and enrolment) cannot be completed without the help of a second device, which isn't always an option. I'm aware you can solve this by moving over to Azure MFA with CA policies that exclude Intune Enrolment, but this isn't practical for them right now. Is there an alternative way to prevent an MFA request during the device enrolment process when using Legacy MFA?
Solved, 4.2K Views, 0 likes, 3 Comments

Slack for Intune requiring MFA
Hello, I have set up an Android device on Intune and have added Slack for Intune on managed Google Play. The problem I am having currently is that Slack for Intune is requesting MFA. I am not sure if this is a default behavior or if it can be disabled. I am trying to access Slack w/o MFA being required, what can be done? Thanks.
1.4K Views, 0 likes, 1 Comment

Intune - iOS Mail Profile with Azure MFA
Having issues setting up a Device Configuration Profile with Intune. I created a Profile to deploy a Mail Profile for iOS devices to connect to an Office 365 mailbox. The profile deploys properly, but when the profile deploys, I am asked to enter my credentials and they do not work. The iOS Mail Profile is never able to verify the Exchange account. After entering the password it says "Unable to verify account information". We do have MFA enabled and our domain is federated with ADFS. Does the Intune iOS Mail Profile configuration work with Azure MFA? What could possibly be the issue?
17K Views, 0 likes, 18 Comments

Multiple conditional access / MFA questions
Hi all, I've configured Conditional Access to require MFA when connecting to O365 services. I have some questions about this, all seems to work fine. But;
- The native iOS mail app for some users seems to work for one day only; it stops syncing and is not asking for MFA / credentials. All devices have iOS 12+.
- The Windows / Mac devices are not Azure AD joined, so Teams, Outlook and OneDrive are all requiring MFA. I've added the ability to remember MFA on devices they trust for 30 days. But, for example, for Teams there is no option to remember this for 30 days; is this bound to a device? So if you choose 'remember for 30 days' on Outlook, will it remember it for all apps? If yes, do they need to enter MFA for all apps every 30 days? Or, if no, do they need to enter MFA every day? (doesn't seem so).
- I can't test this right now, but people tell me they did not choose 'remember for 30 days' and did not have to enter MFA today.
Conditional access is set up as (see attachment). Does this have anything to do with tokens? Cheers..
1.2K Views, 0 likes, 1 Comment

Conditional Access - MFA one time prompt password (Android Devices)
Let's say I have configured the conditional access policy for Android Devices and I have targeted the Client Apps (Exchange Online, OneDrive, Teams, Yammer and Skype), and I have also enabled the option to mark the device as a trusted device so that it shouldn't come with the token (MFA) for each application. I want to know whether, for Android Devices, the option "don't ask me again for x days" comes up when we configure One Time Password and MFA for one Application. I couldn't see this option coming up on Android devices, and it keeps prompting for a code for other applications as well. Kindly see the screenshot for the same. I have tested this for Windows Devices and iOS devices, and it is working smoothly without asking for any MFA for other apps.
1.2K Views, 0 likes, 0 Comments

Installing Intune for MFA with Airwatch MDM
Hello community, Question: I have a client that is using AirWatch for MDM. (Trying to move to Intune - Long story). Anyways, they want Azure MFA because of the integration with PCs and no requirement for ADFS once we go with 3SO and PTA. We have some rather strict policies we are going to enforce for when users are going to get an MFA prompt, i.e. never on approved devices. So for the mobile workforce I do not see a way to make a device approved unless it is enrolled with Intune. So I pose the question: can we enroll a mobile device with Intune or Azure AD while AirWatch is providing MDM (iOS and Android)? If I am missing something obvious here, please let me know.
4.8K Views, 0 likes, 1 Comment