Howdy folks,
Last year, we shared ‘It’s Time To Hang Up On Phone Transports for Authentication’. Today, we are making Microsoft Authenticator even more secure for our users and easier to roll out for our admins.
We would love for you to try these security upgrades to Microsoft Authenticator and let us know your thoughts! For more details about these exciting features, please read below:
To increase security and reduce accidental approvals, admins can require users to enter the number displayed on the sign-in screen when approving an MFA request in Authenticator.
To learn how to enable number matching for your users, click here.
Another way to reduce accidental approvals is to show users additional context in Authenticator notifications. This feature will show users which application they are signing into and their sign-in location based on IP address.
To learn how to enable additional context for your users, click here.
Admins can now use Conditional Access policies to restrict resource access to the boundaries of a specific country by using the GPS signal from the Microsoft Authenticator.
Users with this feature enabled will be prompted to share their GPS location via the Microsoft Authenticator app during sign-in. To ensure the integrity of the GPS location, Microsoft Authenticator will deny authentication if the device is jailbroken or rooted.
To learn more, check out admin documentation, Graph API documentation, and FAQ page.
Using the Microsoft Authenticator Registration Campaign, you can now nudge your users to set up Authenticator and move away from less secure telephony methods. The feature targets users who are enabled for Microsoft Authenticator but have not set it up. Users are prompted to set up Authenticator after completing an MFA sign-in, and after the set-up experience, their default authentication method is changed to the Microsoft Authenticator app.
To learn how to enable a Registration Campaign for your users, click here.
We want to hear from you! Feel free to leave comments down below or reach out to us on aka.ms/AzureADFeedback.
Regards,
Alex Simons (@Alex_A_Simons)
Corporate VP of Program Management
Microsoft Identity Division