How to exclude a trusted iOS device with Authenticator app installed from MFA prompts, but not untrusted.

Leon van de Goor
2023-01-12T16:02:30.7366667+00:00

Hi,
We have successfully set up MFA with conditional access policies in Endpoint Manager with number matching. We have several CA policies in place at the moment and those seem to be working as intended.
The only thing that is bugging us now is that we get MFA prompts when using Office 365 apps, i.e. Outlook for iOS, on the same iOS device where the Authenticator app is installed AND that same device is enrolled and compliant in Intune.
We already require a 6-digit PIN code or Face ID to access the device, so we believe there should be no need to have MFA prompts as well on that same iPhone.

Just to be clear, what we do want:
When an authorized/domain user uses his/her credentials on a privately owned (non-compliant) iOS device they SHOULD get an MFA prompt, even if they decided to install the Authenticator app and register it for our tenant.

Needless to say, on any other device a user should get MFA prompts with the authenticator app on those same iOS devices.

Can someone point me in the direction how to achieve this the right way?

Thanks in advance.
