By Gregory Hall
Senior Cloud Architect
Systems Engineering
Administrators can now prevent accidental Multifactor Authentication (MFA) approvals in Microsoft Authenticator with number matching, location context, and application context. The uptick in MFA fatigue attacks has resulted in the need for organizations to review, adopt, and enforce security best practices. In the process of protecting Azure AD MFA sign-ins and mitigating such fatigue attacks, Microsoft will automatically enable critical security features designed to tackle ever-changing threat vectors.
Number Matching in Microsoft Authenticator MFA Experience
To prevent accidental approvals and defend against MFA attacks, admins can require users to enter the number displayed on the sign-in screen when approving an MFA request in Authenticator. Another way to reduce accidental approvals is to show users additional context in Authenticator notifications. Admins can choose to enable one of the following context notification options:
- Application context: Shows users into which application they are signing in.
- Location context: Shows users their sign-in location based on the IP address of the device they are signing into.
Ongoing Enhancements for Security and Usability
The Authenticator app is constantly innovating with enhanced security and experience features. Authenticator on iOS now uses App Transport Security (ATS). This security feature improves the privacy and data integrity between Authenticator and web services. This improvement is now enabled for all and does not impact how you use your app. In addition, users on Android can now search their accounts, with search on iOS rolling out soon.
Administrators will be able to better manage the Microsoft Authenticator app and its features with a refreshed Admin user experience that uses Microsoft Graph APIs for monitoring and management. The “Configure” tab in the admin portal can be used to enable or disable individual features, including the highly requested ability to exclude specific groups from features that do not apply to them.
Note: These rollout controls will be removed for number matching once it has been enabled for all Azure AD MFA users in May 2023.
Helient highly recommends that staged rollout controls be leveraged to deploy these exciting security upgrades to Microsoft Authenticator before the May deadline.
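The staged rollout described above can be expressed as a Microsoft Graph request body and audited for users who are not yet covered. The following is an added example, not code from Helient or Microsoft: the property names follow the Graph featureSettings schema as it existed while the number matching rollout controls were available, and the group ids and function names are constructed for illustration.

```python
import json
import uuid

# featureSettings keys of Graph's Microsoft Authenticator method configuration
FEATURES = ("numberMatchingRequiredState", "displayAppInformationRequiredState",
            "displayLocationInformationRequiredState")
ODATA_TYPE = "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration"
ALL_USERS = "all_users"                               # target id meaning every user
NO_GROUP = "00000000-0000-0000-0000-000000000000"     # Graph's "nothing excluded" id

def feature_setting(state, include_group=ALL_USERS, exclude_group=NO_GROUP):
    """Build one feature entry: a state plus include/exclude group targets."""
    if state not in ("enabled", "disabled", "default"):
        raise ValueError(f"invalid state: {state!r}")
    for gid in (include_group, exclude_group):
        if gid != ALL_USERS:
            uuid.UUID(gid)  # ValueError on a malformed group object id
    return {"state": state,
            "includeTarget": {"targetType": "group", "id": include_group},
            "excludeTarget": {"targetType": "group", "id": exclude_group}}

def rollout_body(settings):
    """PATCH body for authenticationMethodConfigurations/microsoftAuthenticator."""
    unknown = sorted(set(settings) - set(FEATURES))
    if unknown:
        raise ValueError(f"unknown feature(s): {unknown}")
    return {"@odata.type": ODATA_TYPE, "featureSettings": dict(settings)}

def coverage_gaps(policy):
    """Return (feature, reason) for every feature not enforced for all users."""
    gaps = []
    for name in FEATURES:
        cfg = policy.get("featureSettings", {}).get(name) or {}
        excluded = (cfg.get("excludeTarget") or {}).get("id", NO_GROUP)
        if cfg.get("state") != "enabled":
            gaps.append((name, f"state={cfg.get('state', 'missing')}"))
        elif (cfg.get("includeTarget") or {}).get("id") != ALL_USERS:
            gaps.append((name, "limited to an included group"))
        elif excluded != NO_GROUP:
            gaps.append((name, f"excludes group {excluded}"))
    return gaps

if __name__ == "__main__":
    pilot, kiosk = "11111111-2222-3333-4444-555555555555", "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"  # constructed
    body = rollout_body({
        FEATURES[0]: feature_setting("enabled", include_group=pilot),
        FEATURES[1]: feature_setting("enabled", exclude_group=kiosk)})
    print(json.dumps(body, indent=2))
    print(coverage_gaps(body))
```

Running coverage_gaps against the policy returned by a GET on the same resource shows which pilot scopes and exclusions still need to be closed before a feature protects every user.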
Secure Your Organization with Expert Assistance from Helient
If you need assistance with rolling out the number matching feature in Microsoft Authenticator, Helient Systems, LLC can help. Our team of experts can guide you through the process, ensuring the rollout is smooth and has no adverse effect on the end-user experience when logging into their online accounts.
Contact us today to learn more about our services and how we can help you secure your organization with Microsoft Authenticator. If you want more information or assistance with any Microsoft products, please contact us at service@helient.com.