New Update Microsoft Authenticator - Advanced Security Features

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,283
MFA has shown in the past that its is exploitable. In August of 2022, Microsoft email users, even those with MFA on, were falling to a new phishing attack. Only a couple of weeks later, there were reports of hackers bypassing MFA and brute forcing passwords. Then there's also MFA fatigue or MFA spamming or push bombing attacks, which bombards the user with MFA push notifications in hopes that a user accepts the request and gives access to a threat actor by mistake.

To combat such attacks, Microsoft introduced "number matching" as an additional step in its Microsoft Authenticator app to enhance the security provided by Multi-Factor Authentication (MFA) last year. And from today, May 8, 2023, the Redmond giant is enforcing number matching for all users. Hence, users will need to enter the number provided into their Authenticator app when signing in.

The support article notes:
Number matching is a key security upgrade to traditional second factor notifications in Microsoft Authenticator. We will remove the admin controls and enforce the number match experience tenant-wide for all users of Microsoft Authenticator push notifications starting May 8, 2023.
We highly recommend enabling number matching in the near term for improved sign-in security. Relevant services will begin deploying these changes after May 8, 2023 and users will start to see number match in approval requests. As services deploy, some may see number match while others don't. To ensure consistent behavior for all users, we highly recommend you enable number match for Microsoft Authenticator push notifications in advance.

You can find more details about Number Matching on Microsoft's official website.
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,073
skimmed the article & MS official site, not sure I fully understand what it is saying, somewhat seems like MS is forcing you to use their MS authenticator app, rather than, eg, Authy, or...?? :unsure: or perhaps I do not understand...
 

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,283
skimmed the article & MS official site, not sure I fully understand what it is saying, somewhat seems like MS is forcing you to use their MS authenticator app, rather than, eg, Authy, or...?? :unsure: or perhaps I do not understand...
No forcing to use MS authenticator 😉

Rather it’s recommended as security improvement for users of Microsoft Authenticator, they can decide to enable:
"number matching" as an additional step in its Microsoft Authenticator app to enhance the security provided by Multi-Factor Authentication (MFA)


Number matching​

Number matching can be targeted to only a single group, which can be dynamic or nested. On-premises synchronized security groups and cloud-only security groups are supported for the Authentication methods policy.

Number matching is available for the following scenarios. When enabled, all scenarios support number matching.
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,073

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,283

Microsoft Authenticator is now blocking suspicious MFA phone notifications by default​

In May, Microsoft Authenticator added a new feature that required all users to match the number sent by Microsoft before they could respond to a new MFA notification on their phone with the Authenticator app. This was made to help defeat the spamming of these kinds of notifications by hackers.

However, in a new blog post, Microsoft has announced it has extended this kind of protection for the Authenticator app. It states:
Following the deployment of this feature, we now suppress Authenticator notifications when a request displays potential risks, such as when it originates from an unfamiliar location or is exhibiting other anomalies. This approach significantly reduces user inconvenience by eliminating irrelevant authentication prompts.

Microsoft authenticator
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top