This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 49%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
I am having difficulty enrolling a new IOS device for a user who has MFA enabled. After entering the username and password for MFA, the device is unable to receive a code. I have tried setting up a Temporary Access Pass (TAP) and configuring a new number via a browser login, but the device is not enrolled and can't receive an SMS code. Some suggest excluding the user from MFA initially or excluding Microsoft Intune enrollment from conditional access policy, but these options reduce security in the environment. Has anyone resolved this issue without compromising security?
Hi,
Thank you for posting in Microsoft Q&A forum.
Is it a BYOD iOS devices? If it is enrolled via Apple automated device enrollment, a second device is required to complete the MFA for iOS devices. Because the primary device can't receive calls or text messages during the provisioning process.
Per the official article: Require multifactor authentication for Intune device enrollments
Thanks for your time. Have a nice day!
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.