Enrolling an iOS Device with MFA Enabled

EI 40 Reputation points
2023-11-01T04:16:55.39+00:00

I am having difficulty enrolling a new iOS device for a user who has MFA enabled. After entering the username and password for MFA, the device is unable to receive a code. I have tried setting up a Temporary Access Pass (TAP) and configuring a new number via a browser login, but the device is not enrolled and can't receive an SMS code. Some suggest excluding the user from MFA initially or excluding Microsoft Intune enrollment from the conditional access policy, but these options reduce security in the environment. Has anyone resolved this issue without compromising security?

Microsoft Security | Intune | Microsoft Intune iOS
Microsoft Security | Intune | Other

1 answer

  1. Simon Ren-MSFT 40,376 Reputation points Microsoft External Staff
    2023-11-01T09:44:17.3333333+00:00

    Hi,

    Thank you for posting in Microsoft Q&A forum.

    Is it a BYOD iOS device? If it is enrolled via Apple automated device enrollment, a second device is required to complete the MFA for iOS devices, because the primary device can't receive calls or text messages during the provisioning process.

    Per the official article: Require multifactor authentication for Intune device enrollments


    Thanks for your time. Have a nice day!

    Best regards,

    Simon


    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
