How to enable MFA number matching in Microsoft Authenticator

Browse By

Spread the love

How to enable MFA number matching in Microsoft Authenticator?

Improving the Microsoft Authenticator App Notifications with Number Matching  and Additional Context – Identity Man

Due to breaches involving MFA bombing (attacker keeps sending MFA requests until accepted) now is the time for organizations with Office 365 to enable MFA number matching in Microsoft Authenticator. You can deploy to a group before configuring for all.




In the Azure AD Portal, go to Users, Per-user MFA, Service Settings 1st option “app passwords” should be set to Do not Allow. Call to phone & Text message to phone should be unchecked unless there is a valid reason.


In the same MFA service settings page as above ensure that the “trusted ips” box is unchecked or MFA will be bypassed for the public ip ranges shown. If this is checked, validate the IP ranges are appropriate but recognize this bypasses MFA for authentications from these IPs.




Leave a Reply

Your email address will not be published. Required fields are marked *