Lt-Columbo asked MarileeTurscak-MSFT answered

iOS native Mail client conflicts with MFA through Azure Conditional Access

Hi guys,

I recently deployed DUO MFA through Azure AD conditional access for Azure AD access.
It is aimed to protect access to emails stored in Exchange Online.
It works fine with desktop Outlook and OWA.
However, all iOS native Mail clients get the message below and email syncing stops.

128342-native-ios-mfa.jpg


Excluding affected users gets access to emails on iOS Mail client back to normal.
I've come across these articles where a solution was found by granting tenant permission for the iOS app.
https://docs.microsoft.com/en-us/answers/questions/300742/native-ios-mail-app-not-working-with-mfa.html
https://docs.microsoft.com/en-us/answers/questions/93588/ios-14-mailcalendar-multi-factor-authentication-fa.html
Just a bit unclear how to grant that permission and what the potential implications are.

Thanks.

azure-ad-multi-factor-authentication

1 Answer

MarileeTurscak-MSFT answered

The Exchange Active Sync client does not support MFA. If you make sure “Exchange ActiveSync clients” is unchecked in the conditional access policy, native iOS mail clients should be able to have access.

Intune might suit your scenario better. https://docs.microsoft.com/en-us/mem/intune/protect/exchange-connector-install
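
As an added example (not part of the answer above and not Microsoft's code): a Python check over conditional access policies exported as Microsoft Graph JSON that lists the enforced policies still demanding MFA, built-in or a custom control such as Duo, from Exchange ActiveSync clients. The sample policies, display names and control id are constructed, and treating the `all` client app type as covering ActiveSync is an assumption.

```python
import json

# Constructed sample shaped like Microsoft Graph conditionalAccessPolicy
# objects; display names and the custom control id are made up.
SAMPLE_EXPORT = json.loads("""
[
  {"displayName": "Duo MFA - all client apps", "state": "enabled",
   "conditions": {"clientAppTypes": ["all"]},
   "grantControls": {"builtInControls": [],
                     "customAuthenticationFactors": ["example-duo-control"]}},
  {"displayName": "Duo MFA - modern auth only", "state": "enabled",
   "conditions": {"clientAppTypes": ["browser", "mobileAppsAndDesktopClients"]},
   "grantControls": {"builtInControls": [],
                     "customAuthenticationFactors": ["example-duo-control"]}},
  {"displayName": "MFA for EAS (report-only)",
   "state": "enabledForReportingButNotEnforced",
   "conditions": {"clientAppTypes": ["exchangeActiveSync"]},
   "grantControls": {"builtInControls": ["mfa"]}},
  {"displayName": "Built-in MFA incl. EAS", "state": "enabled",
   "conditions": {"clientAppTypes": ["exchangeActiveSync", "browser"]},
   "grantControls": {"builtInControls": ["mfa"]}}
]
""")

# Assumption: "all" also applies the policy to Exchange ActiveSync clients.
EAS_TYPES = {"exchangeActiveSync", "all"}


def mfa_on_activesync(policies):
    """Return enforced policies that require MFA from ActiveSync clients."""
    findings = []
    for policy in policies:
        if policy.get("state") != "enabled":  # skip disabled and report-only
            continue
        apps = set((policy.get("conditions") or {}).get("clientAppTypes") or [])
        grant = policy.get("grantControls") or {}
        controls = [c for c in grant.get("builtInControls") or [] if c == "mfa"]
        controls += grant.get("customAuthenticationFactors") or []
        matched = sorted(apps & EAS_TYPES)
        if matched and controls:
            findings.append({"policy": policy["displayName"],
                             "client_apps": matched, "controls": controls})
    return findings


if __name__ == "__main__":
    for finding in mfa_on_activesync(SAMPLE_EXPORT):
        print(finding)
```

Policies it reports are the ones where the "Exchange ActiveSync clients" selection needs review; ActiveSync clients removed from an MFA policy are no longer covered by it, so check what other policy, if any, applies to them.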
