MDM mail profile management, no duplicate password prompt/remove app password requirement
When a mobile device (specifically iPhones tested at this point) is enrolled into 365 MDM, you have the option to control the mail profile on the device.
When this option is ticked, after enrolling the device through the company portal app, we would expect the mail profile to be complete and require no further interaction from the users.
This, however, is not the case, and the user is prompted for a password from the native mail app on the phone.
When MFA is not enabled on the account, the standard account password works.
When MFA is enabled on the account, you MUST use an app password.
As the native mail app supports the modern sign in process, I am confused as to:
A. Why the user is prompted for a password at all, considering the profile has been set up for them, and they have already completed authentication (Outlook for iOS does not generate additional prompts after enrollment)
B. Why an app password is required again, seeing as how the native mail app supports modern sign in and I would expect it to simply provide an MFA challenge to accept as a worst case
If enrollment is not required for the device, and a user adds the account to the phone manually, they get the modern sign in experience and are only challenged to authenticate once, regardless of MFA status.
The app works with and supports MFA and modern sign in.
I would like to see this additional password prompt removed, as we frequently have profile issues that require a user to remove the profile and re-add it, meaning the prompt for another app password every time this is done is a very poor user experience.