May 13 2021 05:17 PM
May 13 2021 05:17 PM
I am looking to prompt my users through the Microsoft Authenticator app when their user risk reaches high. I am using several third part security tools to calculate risk for each user and would really like to be able to prompt users through the MS Authenticator app using a push notification. Is this even possible?
May 14 2021 01:46 AM
May 14 2021 02:15 AM
May 14 2021 05:47 AM
@Schnittlauch and @ChristianJBergstrom , thanks for the replies. When I was reading through the docs for Identity Protection, I saw that you can configure User Risk policies, which ultimately lead to a Block or Allow (with password change) option, or you could configure Sign In Risk policies, which lead to Block or Allow (with MFA prompt). I am actually looking for a blend of the two, where users aren't necessarily signing into any new applications, but are exhibiting enough risk I would like them to confirm their identity in the Authenticator app.
I would like to refine my question to, Is is possible to prompt a user to authenticate through the MS Authenticator app on demand?
May 14 2021 06:37 AM
@joeldavideng Hello, if you have AAD P2 with Identity Protection, sign-in risk and user-risk can be evaluated as part of a conditional access policy. If you then select "require MFA" and also have configured the authenticator app as the only MFA option it should be triggered.
May 14 2021 01:09 PM - edited May 14 2021 01:10 PM
@ChristianJBergstrom, I was able to set up a conditional access policy that only prompts a user for MFA if their risk is high when the user logs in, but I was not able to trigger an Authenticator prompt mid-session or if the user is not logged in at all. I believe I will need to pursue other options for triggering prompts based on actions other than logins given the limited number of actions conditional access policies support. Thanks for your help.
May 14 2021 01:31 PM
May 14 2021 03:20 PM
May 17 2021 03:39 AMSolution
@joeldavideng we manually increase the risk of a user when we discover a breach somewhere else.
That way, the user is prompted for a password change (forcing MFA is not possible ATM).
May 17 2021 04:35 AM
May 18 2021 01:20 PM