question

I had multiple users affected by this, all after the iOS 14 update. We use MFA and require consent for Azure apps to access company data, which are both definitely a good idea.

Eventually I got a device running iOS 14 and added my account to the Mail app. I'm the admin for our Microsoft 365 tenancy. After doing this I noticed the Apple-related Azure enterprise application had been updated: its name changed from 'iOS Accounts' to 'Apple Internet Accounts', and it picked up an additional permission. This seems to have fixed the problem.

Here's a screen shot of how it looks now in the Azure admin center, under Enterprise applications > Apple Internet Accounts > Permissions.

My fix / workaround to this was to avoid MFA by using an "App Password" - those single-use passwords you can generate to support apps which don't handle MFA well.

You can create one on your account page:
https://mysignins.microsoft.com/security-info

Then when you're adding an Exchange account in iOS, enter your email & name and it takes you to a website. Cancel that, and it lets you enter a password directly - enter your new App Password into here.

(I tried this, because stuff suggested elsewhere like deleting/re-adding, using another browser, trying other sign-in methods, none of that worked for me. And I don't think my azure admin will be ok with just authorizing new apps willy nilly)

Does anyone know if IOS 14.1 will resolve this issue - the release notes doesn't really say it address anything with the built in mail app.

As of yesterday 20% of my iPhone users are having this issue. The Password Incorrect box keeps popping up and the password does not work. Their accounts do not lock which means they are not entering an incorrect password.

Configuration:
- Office 365 and Intune.
- iOS profile is pushed out via an Intune policy. Uses outlook.office365.com as the email server. OAuth disabled.
- No MDM.
- Outlook app works, native iOS app does not work.

This thread has a lot of talk about an Azure Active Directory Enterprise Application. We do not have any Enterprise Apps related to iOS. The only Apple related app we have is Apple Business Manager.

We have managed to work around this issue on a number of devices by running the following procedure. It handles issues caused by two IOS bugs. The whole thing can be done from the user's webmail and ios device. I have provided these in case end-users without access to the EAC or Endpoint Manager console stumble upon this post.

IOS bugs: An old EAS account is not deleted properly and a security issue in Safari causing problems with OAuth.

This fix includes a tip from @BrianDavis-2755 that worked with the Safari issue affecting the mail app we were experiencing on some devices.

Procedure 1 – Start Here
1. Unenroll the device and check the management profile has been removed (Settings | General |Device Management)
2. Check mail accounts and check that the EAS account has been deleted. If it is still there, attempt to delete it manually. Regardless of whether the account could be deleted, continue steps.
3. Enrol the device as normal
4. Give a little time and check to see if device can sync mail, calendar, etc
5. If ok, GREAT, it was an old EAS account causing the problem and deleting it fixed the issue
6. If not ok, follow Procedure 2

Procedure 2 -Account could not be deleted AND/OR the device still can’t Sync
1. The device should still be enrolled.
2. Install MS Edge app on the device and set it as the default browser (Settings, scroll down to Edge and select, change default browser app from Safari to Edge)
3. Restart phone - test
4. If still not syncing, open Webmail (https://outlook.office.com/) on the user’s PC.
5. Click the Settings cog at the top right
6. At the bottom of the list, select View all Outlook settings.
7. Select General and Mobile Devices
8. Select device having issues (probably Quarantined)
9. Select the Wipe icon
10. IMPORTANT: Select "Wipe only data related to this account". Do NOT select Wipe all data as that will delete all personal data.
11. User should get an email in Outlook saying data is wiped. Once received, from the same Mobile Device screen in Webmail, select the trashcan option the for device to delete it
12. Once deleted, Open Company Portal
13. Select the Device and touch Check Status
14. Within a minute or so the user may be prompted on their device to enter the password for the Exchange account. Enter it and follow instructions if prompted to install certificates.
15. If not prompted, on the device go to Settings | Mail |Accounts |<EAS Account> | Tap Re-enter password.
16. Hopefully fixed.