Learn how to enable the new and more secure (in preview) number matching MFA notifications with Azure AD Authentication Methods Policy.
Number matching authentication vs. the default push notifications
The known MFA push notification with the options ‘Deny‘ or ‘Approve‘, can be a risk of accidentally approving the request which could have been initiated by someone else. A number matching authentication is therefore more secure. When an user responds to an MFA push notification using Microsoft Authenticator, they will be presented with a number. They need to type that number into the app to complete the approval.
When number matching authentication is setup, the user have to do an extra action, what will make them think more.
How to setup number matching authentication
- In the Azure AD portal, click Security > Authentication methods > Microsoft Authenticator.
- Select the target users, click the three dots on the right, and click Configure.
- Under Require number matching (Preview), click Enable, and then click Done
If you prefer, you can also enable the additional context notifications, what will look like this: