Copilot for Microsoft 365 Tech Accelerator
Feb 28 2024 07:00 AM - Feb 29 2024 10:30 AM (PST)
Microsoft Tech Community

Difference between single "Approve" push MFA, and "match the number" push MFA in Microsoft 365?

Iron Contributor

How do I force enable Azure AD MFA on my Microsoft 365 tenants to use the "match the number on screen" push MFA via the Microsoft Authentor app, versus the older traditional single step "Please click Approve" style of push MFA?

An additional data point is that my user base are on a 'mixed' set of licensing.  Some are Microsoft 365 Business Premium licensed, while others are on Microsoft 365 Business Standard.  Does my tenant need to be all on a specific license of Microsoft 365 Business, in order to get the more "modern" version of the Azure AD MFA, where the user is asked to match the number on screen, with the number on the Microsoft Authenticator app? 

2 Replies

Hi @OneTechBeyond,


Are you referring to the capability of selecting 1 of 3 numbers at sign in?  If you are then this isn't MFA, this is password less sign in and allows users to select a number instead of entering a password. MFA is a an additional security measure after a password has been entered.  There are steps to implement password less sign in here

The mix of licences will have no affect on you deploying this.

@Paul Turner,


Sorry yes I did mean Microsoft Authenticator Passwordless Sign In.


The accounts in question are added properly in Azure AD's Security Preview section.  Does the user's Microsoft Authenticator app also have to be specifically set for "Passwordless Enabled" by the end user, or should that be automatically set when the user is added to Microsoft Authentication Passwordless signin, in Azure AD?