使用Apple Mail进行条件访问 [英] Conditional Access with Apple Mail
问题描述
我是
我正在尝试通过条件接收来配置MFA,但是当我启用这个myiOS时,Apple Mail应用程序仍无法正常运行需要任何额外的身份验证。
Hi,
I'm trying to configure MFA through Conditional Access, but when I enable this myiOS Apple Mail app still works without requiring any additional authentication.
然而,在试用该政策几周后,我的Apple Mail应用程序停止工作,我收到了来自我的Exchange服务器的电子邮件,告诉我有人尝试过设置两步验证。
However, after trialling the policy for a few weeks, my Apple Mail app stopped working and I received an e-mail from my exchange server telling me that someone had tried to set up two step verification.
你能解释为什么当我配置条件访问MFA时它根本不影响我的iOS Apple Mail应用程序,几周后它似乎打破了它(我本来期望的更快)。
Can you explain why when I configured Conditional Access MFA it didn't affect my iOS Apple Mail app at all, then a few weeks later it seemed to break it (which I would have expected a lot sooner).
您还可以通过条件访问MFA确认我如何保护Apple Mail应用程序吗?
Can you also please confirm how I protect the Apple Mail app via Conditional Access MFA?
谢谢,
Will North
Will North
推荐答案
如果您通过Azure条件访问策略应用MFA,该策略将在支持现代应用程序的客户端上应用多重身份验证。本机邮件客户端可能会绕过MFA。但是,如果您强制执行MFA(通过Azure AD MFA设置),它将对所有请求强制执行多因素
身份验证,因此本机应用程序(例如iOS客户端)将需要apppassword来访问服务。支持的应用程序(如Andriod / iOS上的Outlook应用程序)遵循现代身份验证流程并缓存MFA令牌(持续14天)并保持登录状态,直到令牌
无效(例如,用户更改密码或脱机更长时间)。  您还可以配置令牌生存期(MaxAgeMultiFactor)。 https://docs.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetime....
If you apply MFA via Azure Conditional Access Policy, the policy will apply multi-factor authentication on modern app supported clients. Native mail clients might bypass MFA. But if you enforce MFA (via the Azure AD MFA setting) it will enforce Multi factor authentication for all requests, so native apps e.g iOS client will require apppassword to access services. Supported apps such as the Outlook app on Andriod/iOS follow modern auth flow and caches the MFA token (for 14 days) and remain signed in until token is invalidated (e.g. User changes the password or goes offline for longer). You can also configure the token lifetime (MaxAgeMultiFactor). https://docs.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetime....
查看此类似帖子在那里我们讨论了这个问题。 https://social.msdn.microsoft.com/Forums/office/en-US/1d0b05b9-8837-41c6-b677-e850bfad84f1/gmail-app-not- request-mfa-conditional-access?forum = windowsazureactiveauthentication
See this similar post where we had a discussion about this. https://social.msdn.microsoft.com/Forums/office/en-US/1d0b05b9-8837-41c6-b677-e850bfad84f1/gmail-app-not-requesting-mfa-conditional-access?forum=windowsazureactiveauthentication
如帖子所述,您可能需要进入条件>客户端应用程序(预览)勾选"其他客户端" > ASC
As stated in the post, you might need to go into Conditions > Client Apps (Preview ) Tick "Other clients" > ASC
此外,请检查您的日志并确保您没有错误的版本: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted
Also, check your logs and ensure that you do not have the wrong version: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted
您是否检查过您的日志以查看可能失败原因的任何提示?
Have you checked your logs to see any hints for why it might be failing?
这篇关于使用Apple Mail进行条件访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
