blog.icewolf.ch

Let's talk about IT!

Microsoft Azure Active Directory MFA Number matching comes in 2023

Hi All,

Basic Authentication has been mostly disabled, and attackers are now searching for new ways to compromise M365 accounts.
If you use Microsoft Authenticator push notifications, good for you. However, there is a technique called "MFA Fatigue" that attackers use to gain access: they keep sending push requests until the user is annoyed and clicks on "Approve".
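
One way to spot the push-flood pattern described above in sign-in telemetry, as an added example that is not part of the original post or of any Microsoft tooling. The `(user, time, result)` event schema, the threshold and the window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. The (user, time, result) schema is an assumption,
# not the Azure AD sign-in log format; map your own log fields onto it.
SAMPLE_EVENTS = [
    ("alice@example.com", "2022-11-16T02:00:05", "denied"),
    ("alice@example.com", "2022-11-16T02:00:40", "timeout"),
    ("alice@example.com", "2022-11-16T02:01:10", "denied"),
    ("alice@example.com", "2022-11-16T02:01:55", "denied"),
    ("alice@example.com", "2022-11-16T02:02:30", "timeout"),
    ("alice@example.com", "2022-11-16T02:03:10", "approved"),  # gave in
    ("bob@example.com", "2022-11-16T09:00:00", "denied"),      # one mis-tap
    ("bob@example.com", "2022-11-16T09:00:40", "approved"),
    ("carol@example.com", "2022-11-16T10:00:00", "timeout"),   # spread out
    ("carol@example.com", "2022-11-16T10:15:00", "timeout"),
    ("carol@example.com", "2022-11-16T10:30:00", "timeout"),
    ("carol@example.com", "2022-11-16T10:45:00", "timeout"),
    ("carol@example.com", "2022-11-16T11:00:00", "timeout"),
]


def find_push_floods(events, threshold=5, window=timedelta(minutes=10)):
    """Alert on users with `threshold`+ unapproved push prompts inside `window`,
    and mark the alert if an approval arrives while the flood is still active."""
    recent = defaultdict(deque)  # user -> times of recent unapproved prompts
    alerts = {}
    for user, ts, result in sorted(events, key=lambda e: e[1]):
        now = datetime.fromisoformat(ts)
        prompts = recent[user]
        while prompts and now - prompts[0] > window:
            prompts.popleft()  # drop prompts that fell out of the window
        if result in ("denied", "timeout"):
            prompts.append(now)
            if len(prompts) >= threshold:
                alert = alerts.setdefault(
                    user, {"first_seen": ts, "prompts": 0, "approved": False})
                alert["prompts"] = max(alert["prompts"], len(prompts))
        elif result == "approved":
            if len(prompts) >= threshold:
                alerts[user]["approved"] = True  # approval during a flood: investigate first
            prompts.clear()  # a successful sign-in ends the current burst
    return alerts


if __name__ == "__main__":
    for user, alert in find_push_floods(SAMPLE_EVENTS).items():
        print(user, alert)
```

An alert with `approved` set to true is the case to triage first, since it means a prompt was accepted in the middle of a burst of rejected or ignored ones.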

As announced in the article below, MFA Number Matching will be enabled for all M365 tenants starting at the end of February 2023. This will prevent these attacks, because the user needs to know the number from the request to approve the MFA sign-in.

Defend your users from MFA fatigue attacks

How to use number matching in multifactor authentication (MFA) notifications - Authentication methods policy

Go to Authentication Methods in your Azure Active Directory Tenant



I have enabled Number Matching for a Group in my Tenant


That is the request after logging in to https://office.com


And this is the Screen on the Microsoft Authenticator on the Smartphone.
Please note that I have also enabled the following settings:
  • Show Application Name in push and passwordless notifications
  • Show geographic location in push and passwordless notifications



Regards
Andres Bohren


Posted on Wednesday, November 16, 2022 9:54 PM | Filed Under [ Azure ]
