After enabling Extended Protection on Exchange Server 2019 CU14, accessing OWA via Secure Web iOS is no longer possible.

Users accessing Outlook Web Access (OWA) through Secure Web on iOS are continuously getting http 401 login prompt.

The issue is not seen when using other browsers like Chrome or Microsoft Edge.

You can deploy a different browser that is based on a Chromium engine (Google Chrome, Microsoft Edge...) and use Citrix Secure Access client (former Citrix SSO app), for per-app VPN access.

References:
iOS: Set up Citrix Secure Access for iOS users | NetScaler Gateway Clients 
Android Enterprise: Managed configurations policy | XenMobile Server (citrix.com)

Problem Cause

WebKit based browsers do not currently support Exchange Extended Protection.

Reference: Exchange Server support for Windows Extended Protection | Microsoft Learn