Forum Discussion
Is it possible to prompt a user to authenticate through MS Authenticator when their risk increases?
I am looking to prompt my users through the Microsoft Authenticator app when their user risk reaches high. I am using several third-party security tools to calculate risk for each user and would really like to be able to prompt users through the MS Authenticator app using a push notification. Is this even possible?
joeldavideng we manually increase the risk of a user when we discover a breach somewhere else.
That way, the user is prompted for a password change (forcing MFA is not possible ATM).
- Hello, yes I believe so. But you would have to use AAD P2 with AAD Identity Protection and also only make the Authenticator app available as the MFA option.
- Schnittlauch, Steel Contributor
Hi joeldavideng,
I'll follow ChristianJBergstrom. Here is a link with all the information about Identity Protection.
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
Best regards,
Schnittlauch
"First, No system is safe. Second, Aim for the impossible. Third no Backup, no Mercy" - Schnittlauch
My answer helped you? Don't forget to leave a like. Also mark the answer as solved when your problem is solved. 🙂
- joeldavideng, Copper Contributor
Schnittlauch and @ChristianJBergstrom, thanks for the replies. When I was reading through the docs for Identity Protection, I saw that you can configure User Risk policies, which ultimately lead to a Block or Allow (with password change) option, or you could configure Sign In Risk policies, which lead to Block or Allow (with MFA prompt). I am actually looking for a blend of the two, where users aren't necessarily signing into any new applications, but are exhibiting enough risk that I would like them to confirm their identity in the Authenticator app.
I would like to refine my question to: is it possible to prompt a user to authenticate through the MS Authenticator app on demand?