Jun 07 2020 - last edited on Feb 01 2023
How do I force enable Azure AD MFA on my Microsoft 365 tenants to use the "match the number on screen" push MFA via the Microsoft Authenticator app, versus the older traditional single-step "Please click Approve" style of push MFA?
An additional data point is that my user base is on a 'mixed' set of licensing. Some are Microsoft 365 Business Premium licensed, while others are on Microsoft 365 Business Standard. Does my tenant need to be all on a specific license of Microsoft 365 Business in order to get the more "modern" version of the Azure AD MFA, where the user is asked to match the number on screen with the number on the Microsoft Authenticator app?
Jun 08 2020 02:39 AM
Are you referring to the capability of selecting 1 of 3 numbers at sign-in? If you are, then this isn't MFA; this is passwordless sign-in, and it allows users to select a number instead of entering a password. MFA is an additional security measure after a password has been entered. There are steps to implement passwordless sign-in here https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-password...
The mix of licences will have no effect on you deploying this.
Jun 08 2020 06:08 AM
Sorry, yes, I did mean Microsoft Authenticator Passwordless Sign In.
The accounts in question are added properly in Azure AD's Security Preview section. Does the user's Microsoft Authenticator app also have to be specifically set for "Passwordless Enabled" by the end user, or should that be automatically set when the user is added to Microsoft Authentication Passwordless sign-in in Azure AD?