How to exclude a trusted iOS device with Authenticator app installed from MFA prompts, but not untrusted.
Hi,
We have successfully set up MFA with conditional access policies in Endpoint Manager with number matching. We have several CA policies in place at the moment and those seem to be working as intended.
The only thing that is bugging us now is that we get MFA prompts when using Office 365 apps, i.e. Outlook for iOS, on that same iOS device where the authenticator app is installed AND that same device is enrolled and compliant in Intune.
We already require a 6-digit PIN code or Face ID to access the device, so we believe there should be no need to have MFA prompts as well on that same iPhone.
Just to be clear, what we do want:
When an authorized/domain user uses his/her credentials on a privately owned (non-compliant) iOS device they SHOULD get an MFA prompt, even if they decided to install the authenticator app and register it for our tenant.
Needless to say, on any other device a user should get MFA prompts with the authenticator app on those same iOS devices.
Can someone point me in the direction of how to achieve this the right way?
Thanks in advance.