3 Numbers option with Microsoft Accounts -> will this be coming to Azure MFA?
Hello, with Microsoft Accounts that have MFA enabled, the authenticator app is sent three numbers, of which one was shown on the original authentication page, and you need to select the correct number in the app in order to then approve the sign-in. I'm wondering if this functionality will be coming to Azure MFA / Office 365 MFA. Any idea? Thanks in advance.
Phone sign-in feature is what you are referring to here I think. I think this is coming to Azure MFA, just not sure when. The Approve/Deny is not the best user experience (agreed), as users just get into a habit of just hitting Approve all the time, and do not necessarily think about if they initiated the request when they get one in the app. In order for them to deny when they should be choosing it, they need better wording from the prompt (push notification) in the Authenticator app. Something descriptive about the device (user agent string) and location the request came from may assist the user in deciding to Approve/Deny, or even re-phrasing the prompt to something that says "Did you initiate a request to sign-in to SERVICENAME, on DEVICENAME, from COUNTRYNAME? Please select Yes if you did initiate this request, or No, if you did not initiate this request." Then admins can audit the MFA logs in Azure around Deny or No selected to determine if they need to investigate an attempt to compromise an account.