Request code during MFA authentication - Conditional Access
To reduce the risk of identity theft or of employees who always press approve on their mobile phone during the 2-step validation, could it be possible to add a request code so the user can validate that he/she is approving a legitimate authentication request?
For integrity purposes, this process will give the end user the opportunity to easily identify from which application he/she initiated the authentication and approve the right request on their mobile device during the MFA notification (phone call or by the Authenticator app).
This feature is already in place for 2FA validation for personal accounts (hotmail.com email address for example) and we would like to have this option for EMS licence in Conditional Access.
This is how it currently works using Hotmail's 2 step approval MFA, as your photo depicts, so I don't understand why this is not also the case with an enterprise solution (O365 E5, etc.)...
Dana Smith commented
This functionality should be added to Azure MFA rapidly. As AAD continues to be adopted as an IM platform and the frequency of authentication requests increases, the lack of this code creates a significant security risk.