Tip: For Apple Watch users, I found that disabling App-Lock in MFA resolved the "Something went wrong" error, if helpful.
User Experience: Some end users have been confused after pressing "Approve" and closing their mobiles, missing the additional Unlock prompt and failing MFA, so we are experimenting with settings; again, disabling App-Lock helps in some cases when balancing risk.
Suggestions: I like the location-based prompt, although using proxy services could cause confusion, so I was wondering if in future it would be possible to LABEL trusted IPs (CIDR/ACLs) with more friendly terms such as "Contoso Data Center" to be more meaningful for end users?
If a user fails multiple MFA attempts, could this trigger a series of security-based actions (including alerts) rather than just a lock-out? Using a SIEM with MCAS can be useful but not as proactive or timely. Scenarios could involve sending a trigger alert (admin or SOC notification/e-mail), taking a photo (taking privacy considerations into account), or other actions defined by Organisation IT and Security teams for managed devices. This could be an interesting avenue to explore further.
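As an added illustration of the "alert on repeated MFA failures" idea raised above (example code, not from the commenter or from Microsoft): a small detection routine that reads sign-in events as JSON lines and raises a SOC alert when one user accumulates a threshold of MFA failures inside a sliding time window. The sample log lines, the field names (`user`, `ip`, `mfaResult`) and the result values are constructed for this example and are not the real Azure AD sign-in log schema; a SIEM rule would map its actual fields onto them.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sign-in events, one JSON object per line. Field names and
# "mfaResult" values are assumptions for this example, not a real log schema.
SAMPLE_LOG = """
{"time": "2023-05-01T08:00:05Z", "user": "alice@contoso.example", "ip": "203.0.113.10", "mfaResult": "denied"}
{"time": "2023-05-01T08:01:10Z", "user": "alice@contoso.example", "ip": "203.0.113.10", "mfaResult": "timeout"}
{"time": "2023-05-01T08:01:40Z", "user": "bob@contoso.example", "ip": "198.51.100.7", "mfaResult": "denied"}
{"time": "2023-05-01T08:03:00Z", "user": "alice@contoso.example", "ip": "203.0.113.11", "mfaResult": "denied"}
{"time": "2023-05-01T08:04:30Z", "user": "bob@contoso.example", "ip": "198.51.100.7", "mfaResult": "success"}
{"time": "2023-05-01T09:30:00Z", "user": "carol@contoso.example", "ip": "192.0.2.5", "mfaResult": "denied"}
{"time": "2023-05-01T10:15:00Z", "user": "carol@contoso.example", "ip": "192.0.2.5", "mfaResult": "denied"}
{"time": "2023-05-01T11:40:00Z", "user": "carol@contoso.example", "ip": "192.0.2.5", "mfaResult": "denied"}
"""

# Result values (assumed) that count as a failed MFA challenge; a user pressing
# "Deny" and a prompt timing out both land here.
FAILURE_RESULTS = {"denied", "timeout"}


def parse_events(text):
    """Parse JSON-lines sign-in events and return them ordered by timestamp."""
    events = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return sorted(events, key=lambda e: e["time"])


def detect_repeated_mfa_failures(events, threshold=3, window=timedelta(minutes=10)):
    """Return one alert per user whose MFA failures reach `threshold` within `window`.

    A per-user deque holds the failures still inside the window; successes are
    ignored so a single valid approval does not reset an attacker's attempts.
    """
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for ev in events:
        if ev["mfaResult"] not in FAILURE_RESULTS:
            continue
        q = recent[ev["user"]]
        q.append(ev)
        # Drop failures that have aged out of the sliding window.
        while q and ev["time"] - q[0]["time"] > window:
            q.popleft()
        if len(q) >= threshold and ev["user"] not in alerted:
            alerted.add(ev["user"])  # one alert per user per run
            alerts.append({
                "user": ev["user"],
                "failures": len(q),
                "first": q[0]["time"].isoformat(),
                "last": ev["time"].isoformat(),
                "source_ips": sorted({e["ip"] for e in q}),
            })
    return alerts


def format_alert(alert):
    """Render an alert as the one-line notification text a SOC mailbox would receive."""
    return ("MFA failure burst: {user} failed {failures} challenges between "
            "{first} and {last} from {ips}").format(ips=", ".join(alert["source_ips"]), **alert)


if __name__ == "__main__":
    for alert in detect_repeated_mfa_failures(parse_events(SAMPLE_LOG)):
        print(format_alert(alert))
```

With the defaults (three failures in ten minutes) only alice trips the rule; carol's three denials are hours apart and stay below the threshold, which is the point of the sliding window. The returned alert carries the set of source IPs, so a downstream step can compare them against the labelled trusted ranges mentioned above before deciding how loud the notification should be.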