I have been running iOS 12 developer betas for the purpose of testing Apple's Mail.app and OAuth (MFA - Multi-factor Auth) with O365 Exchange/ActiveSync.
I am able to build a MDM profile using Apple Configurator 2.8 (also beta). This beta version introduces the ability to create an Exchange payload with the new OAuth settings (which is a brain-dead simple boolean key/value pair of "OAuth = true").
The deployment and setup of the Exchange profile is smooth and easy. The final end-user step is the prompt to enter an MFA code via SMS or the MS Authenticator app. Works great.
The problem I am experiencing is that Mail/Contacts/Calendar stop syncing after a couple of hours. At this time, I see a generic "Failed to connect to server" error. There is no way to force a new session/token. No way to re-authenticate again. All ActiveSync-based services stop working until the MDM profile is removed and re-deployed again. Rinse and repeat.
I'm deploying the .mobileconfig profile to my test iOS 12 devices via USB (Apple Configurator) and Meraki MDM. Both yield the same results. The problem is not related to deployment. The problem clearly appears to be a session time-out or a token refresh failure.
MFA (multi-factor authentication) works great on our Macs and Windows PCs (including Outlook 2016, Skype for Business, Outlook Webmail, etc). Both SMS and the Microsoft Authenticator app work fine for one-time passcodes.
I have been able to reproduce this issue on multiple iOS devices running beta #5 and #6. I have rebuilt the MDM .mobileconfig profile numerous times (including creating it by hand in a text editor). Profile and payloads look perfect.
I am digging into O365 server/tenant logs now, but I don't see anything interesting yet.
Has anyone else experienced this issue? Any help or feedback is greatly appreciated.