Configuring conditional access support for iOS applications
Apple iOS applications that use Safari for authentication do not provide sufficient device-specific information to accurately identify the device. Specifically, the Device Identifier is missing, which means Microsoft cannot identify the device or mark it as Enrolled. To mitigate this issue, configure Single Sign-On (SSO) so that the authentication requests are redirected from Safari to the Microsoft Authenticator app.