Blocking MFA while onboarding iPhone to Endpoint Manager in the same device

Microsoft

Hello!

One of my customers is onboarding iPhones into Endpoint Manager and has a challenge with the MFA approvals.

They make use of the Apple DEP process to direct any new or replacement iPhones straight into the Endpoint Manager registration when the phone is powered on.

The device being onboarded into Endpoint Manager is the same device being used to approve the MFA authentication.

So, when a new iPhone gets to the Endpoint Manager registration portion and the user is asked to sign in, MFA kicks in and sends the user the MFA authentication prompt; however, the user cannot action the MFA request due to the phone being focused on the Endpoint Manager registration.

One workaround was Block/Unblock in Azure AD portal -> MFA, but the default duration of blocking MFA for 90 days is longer.

Any suggestions on workarounds for seamless iPhone onboarding into Endpoint Manager without manual intervention? Thank you!
