The final end-user step is the GUI prompt to enter a MFA code (via SMS or the MS Authenticator app). The deployment and setup of the Exchange/ActiveSync profile is smooth and easy in iOS 12 as expected. I now have iOS 12 dev beta 6 installed, and Im using Apple Configurator 2.8 to generate a ActiveSync payload that contains the new OAuth 2.0 settings.
This post will go into why enterprises are considering OAuth, how to configure OAuth for email, and what the user will see after exchange has been deployed."Īpple Video: Apple confirms OAuth at WWDC in 'Managing Apple Devices' session 302 (scrub to ~17:37) If the first iOS 12 beta is any indication of future enhancements, the OAuth capability is now a part of the exchange payload, meaning administrators can deploy an iOS native email account to their iOS fleet with OAuth capability. For those interested in understanding how OAuth works or simply in need of a refresher, you can find my past blog posts here (Part 1/Part 2). With the general availability, enterprises faced challenges securing their Office 365 email on iOS 11 because OAuth 2.0 was first introduced as a user-driven feature. In iOS 11, OAuth 2.0 for Microsoft exchange accounts became generally available. For those who have been following the OAuth saga, this isn’t the first time we’ve seen OAuth 2.0 in the wild. "Based on the first iOS 12 developer beta build, Apple has now added OAuth 2.0 support for Microsoft Exchange accounts that can be deployed through MDM. My MDM profile provisions devices with the user's name, email address, server information, and password criteria.ĭoes anyone have any suggestions on how to manage iOS Exchange accounts in MDM and enable O365 MFA?Īfter more investigation, it appears that Apple plans on providing Oauth 2.0 support in iOS 12 for managed devices. IT director does not want to use App Passwords (too messy and complicated), so we must use OAuth.
Users can choose to use SMS or the MS Authenticator app for MFA. We use Apple's iOS Mail.app (not the MS Outlook app). All iOS devices are managed in Cisco's Meraki MDM (migrating to Jamf. However, if that same user manually creates his/her Exchange O365 account in Mail.app, he/she will get challenged via MFA to complete the app trust as expected. Therefore, users won't receive email because the Apple Mail.app is not trusted. I'm having issues getting MFA to work on iOS devices that are managed with a Exchange MDM profile.Ĭurrently, if I deploy a Meraki Exchange Profile to an iOS 11 device, users who has been set up for MFA in O365 never get prompted for MFA (other than filling out his/her password string). I am getting ready to enable/require MFA for O365. Anyone out there using O365 & Multi-Factor Auth (MFA) with the iOS Mail.app for Exchange email?
0 kommentar(er)
