Microsoft Authenticator to Enable Number Matching Security Feature by Default in February 2023
Last month, Microsoft introduced support for number matching to its Authenticator app. The company has announced on the Microsoft 365 admin center that the new security feature will be enabled by default for all Microsoft Authenticator users worldwide in February 2023.
With number matching enabled, the Microsoft Authenticator app requires users to type a number displayed on the screen to complete the authentication process. Microsoft notes that the feature helps to prevent accidental approvals and provides protection against multi-factor authentication (MFA) fatigue attacks.
Moreover, the additional context feature enables users to view extra information while approving a sign-in request in Microsoft Authenticator. These include the app’s name and the login location based on the device’s IP address. Microsoft says that these additional details help users to understand the validity of a sign-in request.
Currently, Microsoft allows IT admins to configure number matching for end users in their tenant. However, the company is making number matching a default experience in its Authenticator app on February 27, 2023.
At that point, the admin controls to enable or disable the feature will be removed from the Azure AD admin center. Microsoft Authenticator will require users to do number matching otherwise their authentication will fail.
Number matching improves Microsoft Authenticator’s resistance against MFA fatigue attacks
Microsoft recommends users to install the latest version of the Authenticator app on their Android or iOS devices. However, keep in mind that the number matching feature isn’t supported on Apple Watch. Users will need to uninstall the Microsoft Authenticator Apple Watch app and approve the notifications on their mobile devices.
According to Microsoft, the number of MFA fatigue attacks spiked between December 2021 and August. The company reported 22,859 Azure AD protection sessions with multiple failed MFA attempts in December. The new number matching experience is part of Microsoft’s ongoing effort to increase security by default across Microsoft 365.
More in Security
Microsoft Discloses New 'Migraine' Flaw That Bypasses Built-In Protections on macOS
Jun 1, 2023 | Rabia Noureen
Microsoft Warns Chinese Volt Typhoon Hacking Group Infects Critical US Infrastructure
May 26, 2023 | Rabia Noureen
Microsoft Entra Introduces New Identity and Access Management Capabilities
May 24, 2023 | Rabia Noureen
New Microsoft 365 Defender Feature Automatically Blocks Adversary-in-the-Middle Campaigns
May 18, 2023 | Rabia Noureen
Microsoft Entra Boosts Security New Tools and Capabilities to Thwart Cyberattacks
May 10, 2023 | Rabia Noureen
Webinar: Learn How to Keep Critical Web Apps Online and Sensitive Data Secure
May 9, 2023 | Russell Smith
Most popular on petri