How to enable MFA number matching in Microsoft Authenticator?
Due to breaches involving MFA bombing (an attacker keeps sending MFA push requests until the user accepts one), now is the time for organizations with Office 365 to enable MFA number matching in Microsoft Authenticator. You can deploy it to a pilot group before configuring it for all users.
In the Azure AD Portal, go to Users, then Per-user MFA, then Service Settings. The first option, “app passwords”, should be set to “Do not allow”. “Call to phone” and “Text message to phone” should be unchecked unless there is a valid, documented reason to keep them.
On the same MFA service settings page, ensure that the “trusted IPs” box is unchecked; otherwise MFA is skipped entirely for the public IP ranges listed there. If it is checked, validate that the IP ranges are appropriate, but recognize that any authentication arriving from those IPs bypasses MFA.
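The two settings reviews above (app passwords, phone-based methods, and the trusted IPs list) are quick to audit by hand once, but easy to let drift. The following script is an added example, not part of the original post or any Microsoft tool: it takes the service-settings values as an administrator would read them off the portal page (the `SERVICE_SETTINGS` dictionary and the `APPROVED_EGRESS` allowlist are constructed, hypothetical data) and reports every condition the post says to fix. The trusted-IP check goes a step further than the post and also flags ranges that are either wider than a configurable size or not inside the ranges the organization actually owns, since every host in a trusted range signs in without MFA.

```python
import ipaddress

# Constructed example of the Azure AD "MFA service settings" as read from the
# portal page. Hypothetical values, not pulled from any API.
SERVICE_SETTINGS = {
    "app_passwords_allowed": True,      # post says: set to "Do not allow"
    "call_to_phone": True,              # post says: uncheck unless needed
    "text_message_to_phone": False,
    "trusted_ips_enabled": True,        # post says: uncheck, or MFA is skipped
    "trusted_ip_ranges": [
        "203.0.113.0/24",               # legitimate corporate egress
        "198.51.100.0/24",              # not in the approved list
        "10.0.0.0/8",                   # far too broad to trust
    ],
}

# Constructed allowlist of public egress ranges the organization owns (hypothetical).
APPROVED_EGRESS = [ipaddress.ip_network("203.0.113.0/24")]

# Anything wider than a /20 (4096 addresses) is treated as too broad to bypass MFA.
MAX_TRUSTED_PREFIX_SIZE = 2 ** 12


def check_trusted_ips(ranges, approved=APPROVED_EGRESS):
    """Return a list of findings for the configured trusted IP ranges.

    Each range is parsed as a network; an entry is flagged if it cannot be
    parsed, if it covers more than MAX_TRUSTED_PREFIX_SIZE addresses, or if it
    is not contained in an approved corporate egress range.
    """
    findings = []
    for raw in ranges:
        try:
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            findings.append(f"unparseable trusted IP entry {raw!r}")
            continue
        if net.num_addresses > MAX_TRUSTED_PREFIX_SIZE:
            findings.append(
                f"{net} skips MFA for {net.num_addresses} addresses; range is too broad"
            )
        same_family = [a for a in approved if a.version == net.version]
        if not any(net.subnet_of(a) for a in same_family):
            findings.append(f"{net} is not within an approved corporate egress range")
    return findings


def audit_service_settings(settings):
    """Return findings for the per-user MFA service settings described in the post."""
    findings = []
    if settings.get("app_passwords_allowed"):
        findings.append(
            "app passwords are allowed; set to 'Do not allow' "
            "(legacy clients use them to sign in without an MFA prompt)"
        )
    for method in ("call_to_phone", "text_message_to_phone"):
        if settings.get(method):
            findings.append(f"{method} is enabled; uncheck unless there is a documented reason")
    if settings.get("trusted_ips_enabled"):
        findings.append("trusted IPs are enabled; MFA is skipped for every listed range")
        findings.extend(check_trusted_ips(settings.get("trusted_ip_ranges", [])))
    return findings


if __name__ == "__main__":
    for finding in audit_service_settings(SERVICE_SETTINGS):
        print(f"- {finding}")
```

Run against the constructed settings, the script reports six findings: app passwords allowed, voice calls enabled, trusted IPs enabled, the 10.0.0.0/8 range twice (too broad and not approved), and the 198.51.100.0/24 range once (not approved); the approved /24 produces nothing. Replace `SERVICE_SETTINGS` and `APPROVED_EGRESS` with your tenant's values to reuse it.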
References:
https://blog.onevinn.com/how-to-enable-mfa-code-matching
https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-number-match
Source: tweet thread (1/3) by Sean Metcalf (@PyroTek3), September 16, 2022.