After announcing the public preview of critical Microsoft Authenticator security features, we’re thrilled today to share that these features are now Generally Available for you to further secure your organization:
For more details about these exciting features, please read below:
Last month, we talked about the increase in MFA fatigue attacks and recommended best practices organizations should adopt to increase their security. To protect you, we’ll automatically enable critical security features to tackle ever-changing threat vectors. In May 2023, we’ll enable number matching for all Authenticator users. We highly recommend that you leverage the rollout controls and deploy these exciting security upgrades to Microsoft Authenticator.
To prevent accidental approvals and defend against MFA attacks, admins can require users to enter the number displayed on the sign-in screen when approving an MFA request in Authenticator.
To learn how to enable number matching for your users, click here.
Another way to reduce accidental approvals is to show users additional context in Authenticator notifications. Admins can now selectively choose to enable the following:
To learn how to enable additional context for your users, click here.
Admins can now better manage their Microsoft Authenticator app features with our refreshed Admin UX and APIs. Use the new “Configure” tab in the Admin UX to enable/disable different features. It now also includes the highly requested capability to exclude groups from features to assist with smoother feature rollouts.
Note: These rollout controls will be removed for number matching once it has been enabled for all in May 2023.
If you haven’t already, you can use Registration Campaigns to seamlessly deploy the Authenticator app within your organization with these security upgrades to better protect your organization.
The Authenticator app is constantly innovating to include enhanced security and experience features. Authenticator on iOS now uses App Transport Security (ATS). This security feature improves the privacy and data integrity between Authenticator and web services. This improvement is now enabled for all and does not impact how you use your app. In addition, users on Android can now search their accounts, with search on iOS rolling out soon.
As always, we want to hear from you! Feel free to leave comments down below or reach out to us on aka.ms/AzureADFeedback.
Best regards,
Alex Weinert (@Alex_T_Weinert)
VP Director of Identity Security, Microsoft
Learn more about Microsoft identity:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.