I had an issue with multi-factor authentication on iOS while using the Azure Active Directory Authentication Library for iOS and macOS.

When authenticating against my development Azure Active Directory instance I wouldn’t be forced to use MFA.

But, when authenticating against my production Azure Active Directory instance I would.

Obviously the Azure Active Directory instances are configured differently.

After a lot of fruitless searching, I fixed it by accident.

Old:

private let scopes = ["https://graph.microsoft.com/user.read"]

New:

private let scopes = ["https://graph.windows.net/user.read"]

Ugh… why?

Using graph.microsoft.com works against Microsoft Graph.

Using graph.windows.net works against Azure AD Graph.

Of course! 😕



https://docs.microsoft.com/en-au/azure/active-directory/develop/v2-permissions-and-consent