Previously in public preview, Microsoft Authenticator security features are now Generally Available for your organisation! So, how will this affect you?
Admins can now use number matching, location context, and application context to prevent accidental approvals in Microsoft Authenticator. For those that might not be aware of the terminology, number matching involves entering a number into the Authenticator app that matches the one presented to the user.
On top of this, admins can now also better manage the Microsoft Authenticator app with new Admin UX and Admin APIs (Application Programming Interface). Admin UX refers to the Admin user experience, which refers to the experience the user takes away from interacting with that product.
With the rise of Multi-Factor Authentication (MFA) fatigue attacks, critical security features are enabled to eradicate threats before they become a problem. An MFA fatigue attack involves bombarding a user’s authentication app with push notifications until they accept, allowing them to gain entry to their account or device.
Number matching in Microsoft Authenticator
By the end of February 2023, number matching will be enabled for all Microsoft Authenticator users. Admins can make it a requirement for users to number match when approving an MFA request in Authenticator. This not only prevents accidental approvals, it helps defend users against the MFA fatigue attacks mentioned prior.
Additional context in approval requests
Showing users additional context in Microsoft Authenticator notifications is another way to reduce any accidental approvals. The following contexts can be selected by Admins to be displayed to users:
- Application context: Users see which application they’re signing into
- Location context: Users see their sign-in location based on the IP address of the device they’re signing into
Updated Admin UX and APIs
The refresh Admin UX and APIs will help Admins better manage their Microsoft Authenticator features. The new Configure tab in the Admin UX allows different features to be enabled or disabled. It also includes the ability to exclude groups from features, a highly requested feature, which will help with smoother feature rollouts.
Note: Once number matching has been enabled for all at the end of February 2023, these rollout controls will be disconnected.
Ongoing security and usability optimisations
Microsoft Authenticator is working on constantly innovating and improving its security and user experience features. For example, the iOS app now includes App Transport Security (ATS), which improves the privacy and data integrity between Authenticator and web services.