Disable MFA from Microsoft Intune Enrollment I honestly think you have three options and you need to choose the right one based on what your organization requirements might be regarding security and MFA. He/she is guided through the process and when Single App Mode launches and Company Portal wants you to authenticate using Multi-Factor Authentication how do you perform the MFA as the user’s device is currently locked in the Single App Mode? Workarounds Lets imagine a new employee starts and unlocks their shiny Apple iPhone. Which came first, the MFA or the Single App Mode? The documentation tells that if you want to use Multi-Factor Authentication you must authenticate the users in Company Portal instead of Apple Setup Assistant. You need to understand the different options and their limitations while choosing the best combination for you. There is a (slightly confusing) documentation about configuring Apple enrollment profile here. User is not able to access the phone before the setup is ready. This configuration basically locks the iOS after the first launch and automatically enrolls the device to Microsoft Intune without any complicated user actions. To empower your users with their new Apple devices you really want to use Single App Mode in your Apple enrollment profile. Multi-Factor Authentication and Apple DEP I will also explain another known issue with Apple DEP and Single App Mode. As of today Apple DEP with Single App Mode and Android Fully Managed devices using Samsung KME and Google Zero Touch are affected with the issue. The issue I want to discuss is related to the combination of automatic enrollment methods and MFA. You can read my colleague’s posts about setting up Apple DEP, Samsung KME and Google Zero Touch. The planning guide covers more than just enrollment options but it’s a really good read.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |