Difference between single "Approve" push MFA, and "match the number" push MFA in Microsoft 365?

How do I force enable Azure AD MFA on my Microsoft 365 tenants to use the "match the number on screen" push MFA via the Microsoft Authenticator app, versus the older traditional single step "Please click Approve" style of push MFA?

An additional data point is that my user base are on a 'mixed' set of licensing.  Some are Microsoft 365 Business Premium licensed, while others are on Microsoft 365 Business Standard.  Does my tenant need to be all on a specific license of Microsoft 365 Business, in order to get the more "modern" version of the Azure AD MFA, where the user is asked to match the number on screen, with the number on the Microsoft Authenticator app? 

2 Replies

Hi @OneTechBeyond,

Are you referring to the capability of selecting 1 of 3 numbers at sign-in? If you are, then this isn't MFA; this is passwordless sign-in, which allows users to select a number instead of entering a password. MFA is an additional security measure after a password has been entered. There are steps to implement passwordless sign-in here: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-password...

The mix of licences will have no effect on you deploying this.

@Paul Turner,

Sorry, yes, I did mean Microsoft Authenticator Passwordless Sign In.

The accounts in question are added properly in Azure AD's Security Preview section. Does the user's Microsoft Authenticator app also have to be specifically set for "Passwordless Enabled" by the end user, or should that be automatically set when the user is added to Microsoft Authentication Passwordless sign-in in Azure AD?