Latest Microsoft Authenticator App/ MFA Improvements

Exciting new improvements in the Microsoft Authenticator front. This is a step towards phishing attacks that can lead to accidental MFA approvals. We all know about MFA fatigue by now and how much damage a bad actor can make when an account holder makes one wrong move. This will trend will not stop, but this is a great way to change the behavior of just accepting an auth request.

Make sure your users know about these changes so their login experience will be seamless.

Make sure the Microsoft Authenticator app is updated and in the latest version so the new changes will work.

What I will be covering below 👇🏾

  1. Newly Introduced Features
  2. Configure Entra Portal for New Updates
  3. User Experience
  4. What if this is actually a bad actor?
  5. Wrapping Up

Newly Introduced Features

  • Number matching in Microsoft Authenticator MFA experience 
  • Show application name in push and passwordless notifications
  • Additional context in Microsoft Authenticator approval requests

Let’s check them in play now.

Configure Entra Portal for New Updates

Login to https://entra.microsoft.com > Azure Active Directory > Protect &Secure > Authentication Methods > Policies

Make sure Microsoft Authenticator is Enabled – Select this for the users you want to pilot this option.

Click on Configure

Require number matching for push notifications

Show application name in push and passwordless notifications

Show geographic location in push and passwordless notifications

If you leave the Status in Microsoft managed, then it will be enabled by Microsoft at the an appropriate time after the preview.

Advise the users and turn them on according to your requirement and select the users or add all users and exclude the users whom you think can go after the test has been completed.

User Experience

Now when the users try to login into the company resources (eg: office.com), they will be prompted as below.

What if this is actually a bad actor?

The below settings were already there and nothing new but it is ideal to set these settings so your users are covered and you can minimize the What If’s.

Settings to configure

Entra Portal > Azure Active Directory > Protect & secure > Multi Factor Authentication > Fraud Alert

Advise the users regarding the steps they need to carry on.

If you enable Automatically Block users who report – Specially advise your users prior to possible disruptions

Set the notification so IT will be notified when the user reports the fraud

Now when they receive the MFA auth prompt, they can press No, it’s not me option

Once that’s done, they will get the below message

If they press Report, the account will be blocked and IT will be notified.

Unblock the user from Block/ Unblock users section

Wrapping Up

In this way, with a quick config, you can easily add one more step so the users will consciously perform MFA and enable the below settings to ON and by setting up Fraud Alerts, they have a way to quickly inform IT about auth prompts that they didn’t expect to appear on the phone.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.