Number matching is a key security upgrade to traditional second factor notifications in Microsoft Authenticator. Microsoft will remove the admin controls and enforce the number match experience tenant-wide for all users starting May 8, 2023.

The main reason for enabling number matching is to make the Microsoft Authenticator Application more secure. There are many articles available about MFA fatigue attacks. By implementing number matching, we can prevent users from accidentally approving MFA requests. With number matching, the user would have context around the MFA request to make better decisions. If they do not have the number prompt on their computer, they would not be able to approve the MFA request.

We can enable number matching for our users today; there is no need to wait for Microsoft to enable this. In the current state, number matching can be enabled for all Microsoft Authenticator users, or for a select group of Microsoft Authenticator users.

Let's review these settings in the Azure Portal. In the Azure Portal, open Azure Active Directory. On the next window, select Authentication methods and then Policies. Microsoft Authenticator policies can be configured here. This will determine which of your users are allowed to use the Microsoft Authenticator application, and this is also where the number matching settings can be configured.

I've selected Microsoft Authenticator and I'm presented with the following window:

The Enable and Target tab allows you to configure which users are allowed to use the Microsoft Authenticator application as an authentication method. In my instance I've configured All Users with Any authentication mode. The two modes available are Passwordless and Push. You can still make changes to these settings after.

You can target specific users or groups and you can add exclusions as required. I can target all users and add an exclusion for some groups of users as an example. At the moment, these settings shown in the above image can still be changed as needed.

The Configure tab is where you will find the number matching settings as per the image below. You can configure these settings to enable number matching for all the Authenticator Application users, or you can target specific users or groups.
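
The Enable and Target and Configure settings described in this post can also be checked from an exported copy of the policy, which makes gaps such as a forgotten exclusion group easy to spot. The following is an added example, not part of the original post: the field names, the mode values and the all-zero "no exclusion" GUID assume the Microsoft Graph beta `microsoftAuthenticatorAuthenticationMethodConfiguration` resource, and the sample policy and group ID are constructed.

```python
# Added example (not from the post). Assumption: field names follow the Microsoft Graph beta
# resource microsoftAuthenticatorAuthenticationMethodConfiguration; check against your export.
ALL_USERS = "all_users"
NO_EXCLUSION = "00000000-0000-0000-0000-000000000000"  # assumed "no group excluded" value

# Constructed sample policy; the excluded group GUID is a placeholder.
SAMPLE_POLICY = {
    "id": "MicrosoftAuthenticator",
    "state": "enabled",
    "includeTargets": [
        {"targetType": "group", "id": ALL_USERS, "authenticationMode": "any"},
    ],
    "featureSettings": {
        "numberMatchingRequiredState": {
            "state": "enabled",
            "includeTarget": {"targetType": "group", "id": ALL_USERS},
            "excludeTarget": {"targetType": "group",
                              "id": "11111111-1111-1111-1111-111111111111"},
        }
    },
}


def audit_number_matching(policy):
    """Return findings; an empty list means every push-capable target is covered."""
    if policy.get("state") != "enabled":
        return ["Microsoft Authenticator is not enabled as an authentication method"]
    nm = policy.get("featureSettings", {}).get("numberMatchingRequiredState", {})
    state = nm.get("state", "default")
    if state != "enabled":
        return [f"number matching state is '{state}', not explicitly enabled"]
    findings = []
    scope = nm.get("includeTarget", {}).get("id", ALL_USERS)
    excluded = nm.get("excludeTarget", {}).get("id", NO_EXCLUSION)
    if scope != ALL_USERS:
        findings.append(f"number matching only targets group {scope}")
    if excluded != NO_EXCLUSION:
        findings.append(f"group {excluded} is excluded from number matching")
    # Push-capable targets outside the scope still get plain approve/deny prompts.
    for target in policy.get("includeTargets", []):
        mode = target.get("authenticationMode", "any")
        if mode in ("push", "any") and scope not in (ALL_USERS, target.get("id")):
            findings.append(f"target {target.get('id')} uses mode '{mode}' outside the scope")
    return findings


if __name__ == "__main__":
    for finding in audit_number_matching(SAMPLE_POLICY):
        print("FINDING:", finding)
```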