How to enable MFA number matching in Microsoft Authenticator

Because of breaches involving MFA bombing (an attacker keeps sending MFA requests until one is accepted), now is the time for organizations with Office 365 to enable MFA number matching in Microsoft Authenticator. You can deploy it to a group before configuring it for all users.
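An added example (not from the original post or from Microsoft): the group-first rollout described above, written as the request body for the Authenticator authentication-method policy, plus a check that classifies an exported policy as pilot or tenant-wide. The `featureSettings` / `numberMatchingRequiredState` field names follow the Microsoft Graph beta schema and are an assumption about your tenant's API version; the pilot group GUID is a constructed placeholder.

```python
import json

# Field names follow the Microsoft Graph beta schema (an assumption; verify
# against your tenant). The pilot group GUID is a constructed placeholder.
ALL_USERS = "all_users"
NO_EXCLUSION = "00000000-0000-0000-0000-000000000000"
PILOT_GROUP_ID = "11111111-2222-3333-4444-555555555555"


def number_matching_patch(target_group_id=ALL_USERS):
    """Body for PATCH /authenticationMethodsPolicy/
    authenticationMethodConfigurations/MicrosoftAuthenticator."""
    return {
        "@odata.type": "#microsoft.graph."
                       "microsoftAuthenticatorAuthenticationMethodConfiguration",
        "featureSettings": {
            "numberMatchingRequiredState": {
                "state": "enabled",
                "includeTarget": {"targetType": "group", "id": target_group_id},
            }
        },
    }


def rollout_stage(config):
    """Classify an exported Authenticator policy by number-matching scope."""
    feature = (config.get("featureSettings") or {}).get("numberMatchingRequiredState")
    if not feature:
        return "not_configured"
    state = feature.get("state")
    if state != "enabled":
        return "off" if state == "disabled" else "default"
    included = (feature.get("includeTarget") or {}).get("id")
    excluded = (feature.get("excludeTarget") or {}).get("id")
    if not included:
        return "not_configured"
    if included != ALL_USERS:
        return "pilot"
    # Tenant-wide, but a real exclusion group leaves its members without number matching.
    return "all" if excluded in (None, NO_EXCLUSION) else "all_with_exclusion"


if __name__ == "__main__":
    for body in (number_matching_patch(PILOT_GROUP_ID), number_matching_patch()):
        print(rollout_stage(body), json.dumps(body, indent=2))
```

Run `rollout_stage` over the policy you export after each change to confirm the pilot has actually been widened to all users and that no leftover exclusion group remains.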

In the Azure AD portal, go to Users > Per-user MFA > Service settings. The first option, “app passwords”, should be set to Do not allow. “Call to phone” and “Text message to phone” should be unchecked unless there is a valid reason.

On the same MFA service settings page, ensure that the “trusted ips” box is unchecked, or MFA will be bypassed for the public IP ranges shown. If it is checked, validate that the IP ranges are appropriate, but recognize that this bypasses MFA for authentications from these IPs.
