Exciting new improvements on the Microsoft Authenticator front. These are a step towards stopping the phishing and MFA-fatigue attacks that lead to accidental MFA approvals. We all know about MFA fatigue by now and how much damage a bad actor can do when an account holder makes one wrong move. This trend will not stop, but this is a great way to change the habit of simply accepting an auth request.
Make sure your users know about these changes so their login experience will be seamless.
Make sure the Microsoft Authenticator app is updated to the latest version so the new changes will work.
What I will be covering below 👇🏾
- Newly Introduced Features
- Configure Entra Portal for New Updates
- User Experience
- What if this is actually a bad actor?
- Wrapping Up
Newly Introduced Features
- Number matching in Microsoft Authenticator MFA experience
- Show application name in push and passwordless notifications
- Additional context in Microsoft Authenticator approval requests
Let’s see them in action now.
Configure Entra Portal for New Updates
Log in to https://entra.microsoft.com > Azure Active Directory > Protect & Secure > Authentication Methods > Policies
Make sure Microsoft Authenticator is Enabled – Select this for the users you want to pilot this option.
Click on Configure
Require number matching for push notifications
Show application name in push and passwordless notifications
Show geographic location in push and passwordless notifications
If you leave the Status as Microsoft managed, Microsoft will enable it at an appropriate time after the preview.
Advise the users and turn the settings on according to your requirements: select specific users, or add all users and exclude the ones you plan to bring in once the test has been completed.
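The same three feature settings can be set without clicking through the portal, which is handy when you want the pilot scope in version control or need to repeat it across tenants. The block below is an added example, not code from the original post: it uses the Microsoft Graph PowerShell SDK (`Connect-MgGraph` / `Invoke-MgGraphRequest`) against the `beta` Authenticator method configuration, where the `numberMatchingRequiredState` feature lived during the preview. It assumes the signed-in admin holds the `Policy.ReadWrite.AuthenticationMethod` permission, and the exclusion group id is a placeholder you replace with the object id of your own pilot-exclusion group.

```powershell
# Added example (not from the original post): enable number matching, application
# name and geographic location for Microsoft Authenticator push via Microsoft Graph.
# Assumptions: Microsoft.Graph SDK installed; admin granted Policy.ReadWrite.AuthenticationMethod;
# "<exclusion-group-object-id>" is a placeholder for your pilot exclusion group.

Connect-MgGraph -Scopes "Policy.ReadWrite.AuthenticationMethod"

$uri = "https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/MicrosoftAuthenticator"

# Read the current configuration first, so you can see what "Microsoft managed"
# (state = default) looks like before you change anything.
$before = Invoke-MgGraphRequest -Method GET -Uri $uri
$before.featureSettings | ConvertTo-Json -Depth 5

# One feature block reused for all three settings: enabled for everyone, minus an
# exclusion group that you can empty out once the pilot is complete.
$feature = @{
    state         = "enabled"
    includeTarget = @{ targetType = "group"; id = "all_users" }
    excludeTarget = @{ targetType = "group"; id = "<exclusion-group-object-id>" }  # placeholder
}

$body = @{
    "@odata.type"   = "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration"
    state           = "enabled"
    featureSettings = @{
        numberMatchingRequiredState             = $feature   # Require number matching for push notifications
        displayAppInformationRequiredState      = $feature   # Show application name in push and passwordless notifications
        displayLocationInformationRequiredState = $feature   # Show geographic location in push and passwordless notifications
    }
}

Invoke-MgGraphRequest -Method PATCH -Uri $uri -ContentType "application/json" `
    -Body ($body | ConvertTo-Json -Depth 6)

# Verify that the change landed; each of the three states should now read "enabled".
$after = Invoke-MgGraphRequest -Method GET -Uri $uri
$after.featureSettings.numberMatchingRequiredState.state
$after.featureSettings.displayAppInformationRequiredState.state
$after.featureSettings.displayLocationInformationRequiredState.state
```

Keep the GET-before-PATCH step: the response shows you the tenant's current `state` for each feature (`default` means Microsoft managed), so you can tell later whether a setting was turned on by you or by Microsoft's rollout.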
Now when the users try to log in to company resources (e.g. office.com), they will be prompted as below.
What if this is actually a bad actor?
The settings below were already there and are nothing new, but it is ideal to set them so your users are covered and you can minimize the what-ifs.
Settings to configure
Entra Portal > Azure Active Directory > Protect & secure > Multi Factor Authentication > Fraud Alert
Advise the users regarding the steps they need to carry out.
If you enable Automatically Block users who report – especially advise your users beforehand about possible disruptions
Set the notification so IT will be notified when the user reports the fraud
Now when they receive the MFA auth prompt, they can press the No, it’s not me option
Once that’s done, they will get the below message
If they press Report, the account will be blocked and IT will be notified.
Unblock the user from the Block/Unblock users section
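Fraud Alert relies on the user noticing and reporting the prompt. As a backstop, IT can also look for the MFA-fatigue pattern itself: a run of Authenticator pushes for one account that were declined or left unanswered within a few minutes. The block below is an added example, not code from the original post. It runs offline over constructed records shaped like Entra sign-in log entries (`userPrincipalName`, `createdDateTime`, `ipAddress`, `status.errorCode`); the sample values are made up, and the only real identifier used is error code 500121, Entra's "authentication failed during strong authentication request" result. The threshold and window are assumptions to tune for your tenant.

```powershell
# Added example (not from the original post): flag users who accumulate several failed
# Authenticator pushes in a short window, i.e. the pattern Fraud Alert asks users to report.
# Assumptions: input objects mirror Entra sign-in log fields; sample data below is constructed;
# 500121 = strong authentication failed (covers declined and unanswered pushes).

function Find-MfaPushBursts {
    param(
        [Parameter(Mandatory)] [object[]] $SignIns,
        [int] $Threshold     = 3,    # this many failed pushes ...
        [int] $WindowMinutes = 10    # ... inside this many minutes triggers a finding
    )

    $SignIns |
        Where-Object { $_.status.errorCode -eq 500121 } |
        Group-Object -Property userPrincipalName |
        ForEach-Object {
            $group = $_
            $times = @($group.Group | ForEach-Object { [datetime]$_.createdDateTime } | Sort-Object)

            # Slide a window of $Threshold events over the sorted timestamps and report
            # the first burst found for this user.
            for ($i = 0; $i -le $times.Count - $Threshold; $i++) {
                $span = $times[$i + $Threshold - 1] - $times[$i]
                if ($span.TotalMinutes -le $WindowMinutes) {
                    [pscustomobject]@{
                        User       = $group.Name
                        Failures   = $group.Count
                        FirstSeen  = $times[$i]
                        SpanMin    = [math]::Round($span.TotalMinutes, 1)
                        SourceIPs  = ($group.Group.ipAddress | Sort-Object -Unique) -join ", "
                    }
                    break
                }
            }
        }
}

# Constructed sample: alice receives four pushes she never approves within six minutes,
# all from one address; bob fails once and then signs in successfully (errorCode 0).
$sample = @(
    @{ userPrincipalName = "alice@contoso.example"; createdDateTime = "2022-10-20T08:01:00Z"; ipAddress = "203.0.113.10"; status = @{ errorCode = 500121 } }
    @{ userPrincipalName = "alice@contoso.example"; createdDateTime = "2022-10-20T08:02:30Z"; ipAddress = "203.0.113.10"; status = @{ errorCode = 500121 } }
    @{ userPrincipalName = "alice@contoso.example"; createdDateTime = "2022-10-20T08:04:00Z"; ipAddress = "203.0.113.10"; status = @{ errorCode = 500121 } }
    @{ userPrincipalName = "alice@contoso.example"; createdDateTime = "2022-10-20T08:07:00Z"; ipAddress = "203.0.113.10"; status = @{ errorCode = 500121 } }
    @{ userPrincipalName = "bob@contoso.example";   createdDateTime = "2022-10-20T09:15:00Z"; ipAddress = "198.51.100.7"; status = @{ errorCode = 500121 } }
    @{ userPrincipalName = "bob@contoso.example";   createdDateTime = "2022-10-20T09:16:00Z"; ipAddress = "198.51.100.7"; status = @{ errorCode = 0 } }
) | ForEach-Object { [pscustomobject]$_ }

# Only alice should be listed; bob's single failure is below the threshold.
Find-MfaPushBursts -SignIns $sample | Format-Table -AutoSize
```

In production you would feed the function the output of the Graph sign-in log query (the Microsoft.Graph SDK's `Get-MgAuditLogSignIn`) for the last day and route any finding to the same place Fraud Alert notifications go, so a user who never pressed "No, it's not me" still gets looked at.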
In this way, with a quick config, you can easily add one more step so users consciously perform MFA by turning the settings above ON, and by setting up Fraud Alerts they have a way to quickly inform IT about auth prompts they didn’t expect to appear on their phone.