O365 MFA and MDM

JPost
New here

Good Morning,

We recently had to enable Multifactor Authentication for our O365 email. When we did, our users can't authenticate if they have Meraki MDM on their phone. The password for the email account just constantly pops up over and over again. Has anyone successfully implemented MFA with O365 and Meraki in their environment? 

Thanks

PhilipDAth
Kind of a big deal

I use an Office 365 account with Office 365 MFA on my Android device in "Device Owner" mode without issue.

What sort of device is it, what mode is it enrolled in, and specifically which app is giving you the password prompts?

JPost
New here

Our Android devices are good, sorry, should have specified that it's affecting iPhones and the native mail client.

Most of the users get the text to authenticate from Microsoft. They enter the password in the native mail client and the password box just constantly pops up. What made me believe it's an issue with Meraki is if I remove the MDM profile from my iPhone and add mail without Meraki, it goes just fine.

PhilipDAth
Kind of a big deal

That is a reasonably well-known issue with iPhones and the native email client. Nothing to do with Meraki.

When it happens you have to remove and re-add the email account to the iPhone.

The other way to solve it is to have your users use Outlook for iOS for their work email - this works perfectly.

JPost
New here

Thanks for the feedback.

That's the thing, I can authenticate the account with the native email client with no issues if Meraki isn't pushing the profile. It also worked just fine until we enabled MFA.

PhilipDAth
Kind of a big deal

Try changing to Outlook for iOS - it's probably not worth the grief persevering with Apple Mail.

T1
Building a reputation

How do you enroll iPhones in MDM? DEP, User Enrollment or good old profile enrollment via m.meraki.com? We have had O365 with MFA and MDM for a couple of years now, never had any problems. What kind of restrictions, settings and credentials are you pushing with your profile?

As mentioned below Outlook is a preferred option here, but our users use native Mail as well. It does sometimes require mail account reset but it has nothing to do with MDM and happens on both enrolled and not enrolled devices.
