Enable number matching and additional context with Microsoft Authenticator – Azure AD

General Introduction

It’s been a long time since Microsoft released number matching and additional context for the Microsoft Authenticator. These features allow you to quickly improve your MFA posture, adding a new layer of security and preventing accidental approvals. This is also useful to lower the chances of being compromised by MFA fatigue attacks.
The feature consists in a map shown on your MFA prompt on your phone that indicates where the MFA request is coming from, the name of the application requesting the MFA challenge, and a box to insert the number that will be shown on screen.

How to enable it

To enable these features follow this link, which will guide you into Azure AD > Security > Authentication methods:

Authentication methods | Azure AD

From here, click “Microsoft Authenticator“.

Click “Yes” under “ENABLE“, then on “Configure“.

Be sure to activate “Require number matching for push notifications“, “Show application name in push and passwordless notifications” and “Show geographic location in push and passwordless notifications“, then save.

You can scope the features to a selected group of users if you want to test them out and go for a gradual rollout. This is done by selecting “Select group” and adding the group for which you want to enable the feature.

Additional notes

Check out this article if you are looking for a communication to send out to users before rolling out the features:

Additional Context and Number Matching User Guide – MFA

Here is a link to the Microsoft Documentation:

How to use number matching in multifactor authentication (MFA) notifications – Authentication methods policy

Here is a link to the CISA documentation on the topic:

Implementing Number Matching in MFA Applications | CISA