Microsoft Tech Community
SOLVED

Approve login - Relation information


Hi All

 

To explain my questions a little bit:

- Sometimes Outlook needs a new token and a login window appears, but I cannot see whether this is from Outlook or from a source that I should not approve.
- Lately I had to connect to an RDP host via an RDP gateway and the Authenticator app beeped. I feel uncomfortable about the experience: How can I know that this is my request and not a hacker that knows my password?

 

So my questions:

- Is there a setting in Windows / a setting in AAD / a tool / a browser plugin / ... to show more information about the login request (for a Windows application)?


- Is there a setting in the Microsoft Authenticator app to show more information about the request?
AppRegistration, Source IP?

Or is this a feature request?

 

txs Flori

4 Replies
Hi Florian,

Quite simple, if you didn't sign in, don't accept the challenge.

You can manage the sign-in logs to view the MFA requestor within the Azure Portal > Azure Active Directory > Select the user > Sign-in logs. There is a delay of approx. 10 min. There you can filter by Device, Source IP, Application, etc. You can also monitor if an MFA challenge was accepted or rejected.

I hope this helps!
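The after-the-fact check described in this reply, as an added example that is not part of the original thread: it lists the sign-ins recorded for one user around the time an MFA prompt arrived, with application, source IP and outcome. The records are constructed, the field names follow the Microsoft Graph signIn resource (an assumption about your export), and `KNOWN_IPS` and both function names are hypothetical.

```python
from datetime import datetime

# Constructed sample records, not real tenant data. Field names are assumed to
# match the Microsoft Graph signIn resource; adjust them to your export.
SIGN_INS = [
    {"createdDateTime": "2024-01-15T09:02:11Z", "userPrincipalName": "flori@contoso.example",
     "appDisplayName": "Microsoft Office", "ipAddress": "198.51.100.7", "status": {"errorCode": 0}},
    {"createdDateTime": "2024-01-15T14:30:05Z", "userPrincipalName": "flori@contoso.example",
     "appDisplayName": "Microsoft Remote Desktop", "ipAddress": "198.51.100.7", "status": {"errorCode": 0}},
    {"createdDateTime": "2024-01-15T14:30:40Z", "userPrincipalName": "flori@contoso.example",
     "appDisplayName": "Office 365 Exchange Online", "ipAddress": "203.0.113.50", "status": {"errorCode": 500121}},
    {"createdDateTime": "2024-01-15T14:31:00Z", "userPrincipalName": "other@contoso.example",
     "appDisplayName": "Microsoft Teams", "ipAddress": "198.51.100.9", "status": {"errorCode": 0}},
]
KNOWN_IPS = {"198.51.100.7"}  # hypothetical: addresses this user normally signs in from


def parse_ts(value):
    # Graph timestamps end in "Z"; fromisoformat wants an explicit offset.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def candidates_for_prompt(records, upn, prompt_time, window_s=120):
    """Sign-ins for `upn` within `window_s` seconds of the MFA prompt, oldest first."""
    t = parse_ts(prompt_time)
    hits = []
    for r in records:
        if r["userPrincipalName"].lower() != upn.lower():
            continue
        if abs((parse_ts(r["createdDateTime"]) - t).total_seconds()) > window_s:
            continue
        hits.append({"time": r["createdDateTime"], "app": r["appDisplayName"],
                     "ip": r["ipAddress"],
                     "succeeded": r["status"]["errorCode"] == 0,  # 0 means success
                     "unfamiliar_ip": r["ipAddress"] not in KNOWN_IPS})
    return sorted(hits, key=lambda h: h["time"])


def verdict(hits):
    """Coarse triage: a prompt with no sign-in, or any unfamiliar source IP, needs a look."""
    if not hits:
        return "no matching sign-in"
    if any(h["unfamiliar_ip"] for h in hits):
        return "investigate"
    return "expected"


if __name__ == "__main__":
    for h in candidates_for_prompt(SIGN_INS, "flori@contoso.example", "2024-01-15T14:30:30Z"):
        print(h)
```

Because the sign-in logs lag by about ten minutes, this only confirms or refutes a prompt afterwards; it does not help at the moment of approval.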
best response confirmed by Florian Grimm (Copper Contributor)
Solution
Hi BilalelHadd

Maybe it's overcautious,

- I cannot see which Application triggers the login.
How do I know if it is Outlook, Teams or any malware?
- I cannot see the relation between the login and the approval. The only relation is the time.
Checking the login after 10 minutes... What about checking before approving?

cu Flori

@Florian Grimm 

I agree that when the MFA challenge appears, you can indeed not see which application asks for approval, because the application can only be checked within the sign-in logs. It also states which application (Teams, Outlook, SharePoint, etc.). See attached screenshot for an example. It also says if the MFA was completed or rejected; you need to click on authentication details.

 

It would be a great feature to see which location and application you're trying to sign in to. I will deliver this feedback to Microsoft.

I have some good news for you, Microsoft just listened to your request ;) See the following blog post by Jan Bakker on how to enable the new functionality. Keep in mind that this is not officially supported yet. So don't enable the feature in production.

https://janbakker.tech/enable-location-information-and-code-match-for-azure-mfa/