Difference between single "Approve" push MFA, and "match the number" push MFA in Office 365?

Iron Contributor

How do I force enable Azure AD MFA on my Microsoft 365 tenants to use the "match the number on screen" push MFA via the Microsoft Authentor app, versus the older traditional single step "Please click Approve" style of push MFA?

3 Replies

Hi Robert,


To enable it in your Tenant, you need to enable the users for preview features and also enable 'Microsoft Authenticator passwordless sign-in' from Azure AD (Screenshots below) and then point your users in your organization to this url.


Check this URL for more info on how to set it up!


Hope this helps!








That depends on the application you are connecting to, and its implementation of the ADAL/MSAL methods. You cannot centrally govern it.


Totally agree, depends on application and the way it’s configured.