Beginning May 8, 2023, Microsoft will implement a security upgrade within its Microsoft Authenticator application for multifactor authentication (MFA). Current users of "push notifications" within the authenticator app (our recommended method) will move to a number-matching procedure for improved sign-in security.
This security enhancement is designed to overcome MFA vulnerabilities, including "MFA fatigue", which is a technique used by cybercriminals to spam a victim with MFA push notifications. The goal is to trick the victim into assuming they are experiencing a system malfunction or simply spam the victim to the point they approve the request to make it stop.
The upgraded number match process will now provide users with more information about who, what, and where the authentication request was initiated to avoid confusion. With this enhancement, you will see:
-
-
the email address of the user requesting approval.
-
the application group that access is being requested for.
-
a map showing where the request originated from. Is it where you are located?
-
-
-
a number you must type into the authenticator app. Allows for a decision to be made before approving or denying an authentication request.
-
Desktop Version |
Mobile Version |
COURSE OF ACTION
All Systems Engineering clients with Office 365 MFA enabled will see this enhancement take effect on May 8, 2023. No action is needed, as the upgrade will automatically be enabled on all Microsoft Authenticator applications.
If you have questions about this security bulletin, please reach out to your Account Manager.
