iOS Mail app prompts MFA but we can't find how to disable it

CUCOOPE 186 Reputation points
2021-11-22T04:36:05.623+00:00

Hi. Recently a user reported that sometimes she was prompted for MFA when she tries to access a mailbox in iOS's Mail app, which it didn't a month ago. After checking the sign-in logs, we've found that it was an application called "Microsoft App Access Panel" and the status of that sign-in attempt was "interrupted". The detail of the log tells us that the authentication policies applied was "App requires MFA", but we couldn't find that policy anywhere in Conditional Access. The only MFA-related policy in Conditional Access was a policy that will requires user to perform MFA only including "Office 365 Exchange Online" but since the policy is not related to "Microsoft App Access Panel"(?) and the said user was excluded from that policy, I don't think that's the issue. We have already set the "Enable Security defaults" to "No" and we've checked that the "Multi-factor Auth Status" for the user was "Disabled". Does anyone knows where in Azure/Exchange Admin Center could be possibly causing MFA? Thanks.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,342 questions
0 comments
Accepted answer
  1. VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee
    2021-11-22T12:00:09.963+00:00

    @CUCOOPE Assuming you are using Microsoft 365 Exchange online for Your emails, and "sometime prompted for MFA" shows that you might have already been setup for Modern Auth for IOS mail app. If there is literally no CA policy getting targeted for this user in any way, you should open a support case to further identify the issue as this will need looking at users information and logs at our backend.

    Normally if it was a continuous prompt for MFA, there is a setup issue with the account.
    The intermittent MFA pop up , needs investigation of scenario like what actually she was doing and in what order followed by log reviews. Are you sure no CA policy is getting targeted for this user ? Check under What if tool in AAD to confirm, again.

    -----------------------------------------------------------------------------------------------------------------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest