Hi,
Thank you for posting in Microsoft Q&A forum.
Is it a BYOD iOS devices? If it is enrolled via Apple automated device enrollment, a second device is required to complete the MFA for iOS devices. Because the primary device can't receive calls or text messages during the provisioning process.
Per the official article: Require multifactor authentication for Intune device enrollments
Thanks for your time. Have a nice day!
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.