This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 86%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELC%3C/text%3E%3C/svg%3E)
Hi guys,
I recently deployed DUO MFA through Azure AD conditional access for Azure AD access.
It is aimed to protect access to emails stored in Exchange Online.
It works fine with desktop Outlook and OWA.
However, all iOS native Mail client get the message below and emails syncing stops.
Excluding affected users gets access to emails on iOS Mail client back to normal.
I've come across the se articles where solution was found by granting tenant permission for iOS app.
https://learn.microsoft.com/en-us/answers/questions/300742/native-ios-mail-app-not-working-with-mfa.html
https://learn.microsoft.com/en-us/answers/questions/93588/ios-14-mailcalendar-multi-factor-authentication-fa.html
Just a bit unclear how to grant that permission and what are potential implications.
Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
The Exchange Active Sync client does not support MFA. If you make sure “Exchange ActiveSync clients” is unchecked in the conditional access policy, native iOS mail clients should be able to have access.
Intune might suit your scenario better. https://learn.microsoft.com/en-us/mem/intune/protect/exchange-connector-install