Exchange Email authentification failure through enabled FACE RECOGNITION

If you weren´t aware about that, it sounds quite confusing, but it´s really an applied security measure from MS Exchange Active Sync...

The case was the following: I received a call from a user having issues configuring his email account with his newly acquired Samsung Galaxy S8. 

He got the error message 'Authentification failed' as soon as the user tried logging in with his credentials. I checked at that moment, there was neither an account locking in Active Directory nor a counted failed attempt.

I guided the user to check in OWA (Outlook Web Access) the list with connected phones. The S8 was listed with 'Access denied' and that the device isn´t within the applied security standards.

Interesting. But initially no idea since I needed more information and unfortunately I could not see the phone directly as the user was miles away. 

A few minutes after the call the user messaged that the figured out the issue himself: He disabled the 'face recognition' of his Samsung phone and the error message no longer occurred. Also, the entry 'Access denied' in OWA was also gone.

Quite surprising if you face that issue for the first time. But on the other hand companies need to apply some sort of policies nowadays with the usage of BYOD...