How to exclude a trusted iOS device with Authenticator app installed from MFA prompts, but not untrusted.

Leon van de Goor 0 Reputation points
2023-01-12T16:02:30.7366667+00:00

Hi,
We have successfully set up MFA with conditional access policies in Endpoint Manager with number matching. We have several CA policies in place at the moment and those seem to be working as intended.
The only thing that is bugging us now is that we get MFA prompts when using Office 365 apps, i.e. Outlook for iOS, on that same iOS device where the Authenticator app is installed AND that same device is enrolled and compliant in Intune.
We already require a 6-digit pincode or Face ID to access the device, so we believe there should be no need to have MFA prompts as well on that same iPhone.

Just to be clear, what we do want:
When an authorized/domain user uses his/her credentials on a privately owned (non-compliant) iOS device they SHOULD get an MFA prompt, even if they decided to install the Authenticator app and register it for our tenant.

Needless to say, on any other device a user should get MFA prompts with the authenticator app on those same iOS devices.

Can someone point me in the direction of how to achieve this the right way?

Thanks in advance.
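As an added example (not part of the original question or of any answer on this page), the split described above can be expressed as a single Conditional Access policy whose grant control is "compliant device OR MFA": an Intune-compliant iPhone passes without a prompt, while a private, non-enrolled iPhone still has to complete MFA even with Authenticator installed. It assumes the Microsoft.Graph PowerShell SDK; the break-glass group id is a placeholder.

```powershell
# Added example, not the questioner's configuration. Assumes the Microsoft.Graph
# PowerShell SDK is installed; <break-glass-group-object-id> is a placeholder.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

$policy = @{
    displayName = "iOS: require compliant device or MFA"
    # Start in report-only mode and review the sign-in log before enforcing.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{
            includeUsers  = @("All")
            # Always exclude an emergency-access group from MFA/compliance policies.
            excludeGroups = @("<break-glass-group-object-id>")
        }
        applications   = @{ includeApplications = @("All") }
        platforms      = @{ includePlatforms = @("iOS") }
        clientAppTypes = @("browser", "mobileAppsAndDesktopClients")
    }
    grantControls = @{
        # "OR" is what makes the difference: a compliant, Intune-enrolled device
        # satisfies the control without an MFA prompt; any other iOS device must
        # satisfy "mfa". With "AND" both would be required on every device.
        operator        = "OR"
        builtInControls = @("compliantDevice", "mfa")
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Because every applicable Conditional Access policy must be satisfied, this only removes the prompt if no other policy in the tenant requires MFA unconditionally for the same users and apps. The "compliant" grant is only as strong as the Intune compliance policy behind it, so that policy should require the device passcode/biometric the question already relies on.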
