Nowadays the question is not if you will get hacked, but when. So it is extremely important to use every available resource to protect users and create awareness. Today my blog is all about the new Advanced Authenticator Security features which Microsoft recently announced.
Why is it so important?
Multi-Factor Authentication (MFA) spraying is a rising method for hackers to gain access to company data. Nothing is more annoying than getting MFA prompts all the time. It is easy to approve an MFA request by mistake, especially when a user is not aware enough of the consequences and security risks. Hackers take advantage of this. In the past months multiple large organizations were breached by this method.
Enable Advanced Authenticator Security Features
Before enabling the advanced features it is important to know that there is some “user impact”. The behavior of MFA requests will change, so my advice is to use pilot users and adoption for a smooth transition.
Number matching
To prevent accidental approvals and create user awareness we are going to migrate from an accept/decline request to requiring users to enter the number which is displayed on the sign-in screen.
- Navigate to https://portal.azure.com
- Open Security
- Open Authentication methods and choose Microsoft Authenticator
- Choose Configure
- Enable number matching by changing the status under Require Number Matching for push notifications to Enabled
From now on, when users get an MFA prompt, they will be required to enter a matching number in the Microsoft Authenticator app to accept the MFA request.
User experience
Add application and location context to MFA pop-ups
The next step is to add application and location context to an MFA pop-up. Users will be shown which application the request originates from, along with a map of the location they are signing in from.
- Navigate to https://portal.azure.com
- Open Security
- Open Authentication methods and choose Microsoft Authenticator
- Choose Configure
- Show application name by changing the status under Show application name in push and passwordless notifications to Enabled
- Show location by changing the status under Show geographic location in push and passwordless notifications to Enabled
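To check the result of both procedures above outside the portal, this added example (not part of the original blog and not Microsoft's code) audits an exported Microsoft Authenticator policy document and reports, per feature, whether it is on for everyone or only for a pilot group. It assumes the JSON follows the `featureSettings` layout of the Microsoft Graph authentication methods policy; the sample policy and group id are constructed.

```python
# Added example: audit an exported Microsoft Authenticator policy document.
# Assumption: field names follow the Graph featureSettings schema.
FEATURES = {
    "numberMatchingRequiredState": "Require number matching",
    "displayAppInformationRequiredState": "Show application name",
    "displayLocationInformationRequiredState": "Show geographic location",
}

def audit_authenticator_policy(policy):
    """Return one finding per feature: its state, target, and a verdict."""
    settings = policy.get("featureSettings") or {}
    method_on = policy.get("state") == "enabled"
    findings = {}
    for key, label in FEATURES.items():
        feature = settings.get(key) or {}
        state = feature.get("state", "missing")
        target = (feature.get("includeTarget") or {}).get("id")
        if not method_on:
            verdict = "method disabled"
        elif state != "enabled":
            verdict = "not explicitly enabled"
        elif target == "all_users":
            verdict = "enforced for all users"
        else:
            verdict = "pilot only"
        findings[key] = {"label": label, "state": state,
                         "target": target, "verdict": verdict}
    return findings

def gaps(policy):
    """Features that are not yet enforced for all users."""
    return sorted(k for k, f in audit_authenticator_policy(policy).items()
                  if f["verdict"] != "enforced for all users")

# Constructed sample: number matching limited to a pilot group,
# application name on for everyone, location left at its default.
SAMPLE_POLICY = {
    "id": "MicrosoftAuthenticator",
    "state": "enabled",
    "featureSettings": {
        "numberMatchingRequiredState": {"state": "enabled", "includeTarget": {
            "targetType": "group", "id": "11111111-2222-3333-4444-555555555555"}},
        "displayAppInformationRequiredState": {"state": "enabled", "includeTarget": {
            "targetType": "group", "id": "all_users"}},
        "displayLocationInformationRequiredState": {"state": "default"},
    },
}

if __name__ == "__main__":
    for f in audit_authenticator_policy(SAMPLE_POLICY).values():
        print(f"{f['label']}: {f['verdict']} (state={f['state']})")
```

Exclusions (`excludeTarget`) are not evaluated here, so a feature reported as enforced for all users can still have an excluded group.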
User experience
Thank you for reading this blog. Add this website to your bookmarks to keep updated about new developments in the Modern Workplace world.
Feel free to contact me and connect on LinkedIn!