It’s been a while since Microsoft released number matching and additional context for Microsoft Authenticator. These features let you quickly improve your MFA posture: they add a layer of security, prevent accidental approvals, and lower the chances of being compromised by MFA fatigue (push-bombing) attacks.
The feature consists of a map shown on the MFA prompt on your phone that indicates where the MFA request is coming from, the name of the application requesting the MFA challenge, and a field in which to enter the number displayed on the sign-in screen.
How to enable it
To enable these features follow this link, which will guide you into Azure AD > Security > Authentication methods:
Authentication methods | Azure AD
From here, click “Microsoft Authenticator”.
Click “Yes” under “ENABLE”, then on “Configure”.
Be sure to activate “Require number matching for push notifications”, “Show application name in push and passwordless notifications” and “Show geographic location in push and passwordless notifications”, then save.
You can scope the features to a selected group of users if you want to test them out and go for a gradual rollout. This is done by selecting “Select group” and adding the group for which you want to enable the feature.
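The same settings can be managed outside the portal through the Microsoft Graph authentication methods policy, which is handy for auditing many tenants or scripting the gradual rollout described above. The script below is an added example and is not part of the original post or Microsoft’s own tooling. It assumes the Graph `authenticationMethodConfigurations/MicrosoftAuthenticator` resource and the `microsoftAuthenticatorFeatureSettings` property names (`numberMatchingRequiredState`, `displayAppInformationRequiredState`, `displayLocationInformationRequiredState`), which you should check against the current Graph reference; the group id and access token are placeholders.

```python
"""Enable and audit Microsoft Authenticator number matching and additional context
via Microsoft Graph. Added example, not from the original post. Property names are
assumed from the Graph microsoftAuthenticatorFeatureSettings schema; verify them.
"""
import json
import urllib.request

GRAPH_URL = ("https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/"
             "authenticationMethodConfigurations/MicrosoftAuthenticator")

# The three portal toggles from the post, by their (assumed) Graph property names.
FEATURES = (
    "numberMatchingRequiredState",             # Require number matching for push notifications
    "displayAppInformationRequiredState",      # Show application name in push and passwordless notifications
    "displayLocationInformationRequiredState", # Show geographic location in push and passwordless notifications
)


def feature_target(group_id=None):
    """Target one group (gradual rollout) or every user ("all_users")."""
    return {"targetType": "group", "id": group_id or "all_users"}


def build_policy(group_id=None):
    """PATCH body that enables Authenticator and all three features.

    group_id=None applies the features to all users; a group object id limits
    them to that group, which is the portal's "Select group" option.
    """
    return {
        "@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration",
        "state": "enabled",  # the portal's ENABLE = Yes
        "featureSettings": {
            name: {"state": "enabled", "includeTarget": feature_target(group_id)}
            for name in FEATURES
        },
    }


def audit_policy(config, group_id=None):
    """Return the names of settings that are not enabled for the expected scope.

    `config` is the JSON returned by GET on GRAPH_URL. A feature left at
    "default" or "disabled", or scoped to a group other than the expected one,
    is reported as a gap. "all_users" satisfies any narrower expectation.
    """
    gaps = []
    if config.get("state") != "enabled":
        gaps.append("state")
    settings = config.get("featureSettings") or {}
    expected = feature_target(group_id)["id"]
    for name in FEATURES:
        feature = settings.get(name) or {}
        target = (feature.get("includeTarget") or {}).get("id")
        covered = target in (expected, "all_users")
        if feature.get("state") != "enabled" or not covered:
            gaps.append(name)
    return gaps


def apply_policy(access_token, body):
    """PATCH the policy; the token needs Policy.ReadWrite.AuthenticationMethod."""
    req = urllib.request.Request(
        GRAPH_URL, data=json.dumps(body).encode(), method="PATCH",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.status  # Graph answers 204 No Content on success


if __name__ == "__main__":
    # Constructed sample of a tenant that enabled Authenticator but left the
    # additional-context features at their defaults.
    sample = {"state": "enabled",
              "featureSettings": {"displayAppInformationRequiredState": {"state": "default"}}}
    print("gaps:", audit_policy(sample))
    print(json.dumps(build_policy("00000000-0000-0000-0000-000000000000"), indent=2))
```

Run `audit_policy` on the output of a GET against the same URL to confirm the portal change took effect, and pass the pilot group’s object id to `build_policy` when staging the rollout; a policy scoped to a group is reported as a gap when audited against the all-users expectation, which is the check you want before declaring the rollout complete.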
Check out this article if you are looking for a communication to send out to users before rolling out the features:
Here is a link to the Microsoft Documentation:
How to use number matching in multifactor authentication (MFA) notifications – Authentication methods policy
Here is a link to the CISA documentation on the topic: