Note: This message only applies to people who use the Microsoft Authenticator app for multi-factor authentication (MFA). It does not apply to SMS or phone call authentication.
Beginning on February 19, IOT is enabling a new number-matching security feature for the Microsoft Authenticator app. Depending on the application you are accessing, you may see this new feature when you use multi-factor authentication.
Why are we enabling this feature?
This feature will improve user sign-in security. When a user responds to a multi-factor authentication (MFA) push notification in the Authenticator app, they must type the two-digit number displayed by the web application to approve the access request. This new step will discourage prompt spam: the user cannot accept a prompt without knowing the number, so generating multiple prompts is not effective.
What will this look like?
(Image: left, web application; right, Authenticator app)
Note: Self-Service Password Management (SSPM) will also require a number match when using the Microsoft Authenticator app going forward.