Show the Country and App/OS that triggered the MFA request via Authenticator app pop up
If using the Microsoft Authenticator app with App Notifications for Azure MFA requests why can't we also have the Country and App or OS which has triggered the MFA request?
This will help users from blindly always tapping Approve and also give them more info on what app has requested MFA.
You can already see this info in the Azure AD sign in and audit logs so why can't it be pushed through to the app pop-ups too?
Ben Taylor commented
We've already experience examples where users have approved fake MFA requests as there is no context to better inform them.
Agree! This is crucial and should be a high priority to add in which app / OS / location which has triggered the request.
This should be a top priority! saves users from accidentally approving for no reason.
Jason Schwartz commented
Agreed! It should be more than country of request it should be city, state as well. App/OS would certainly be helpful but location is a MUST. You could add IP address.. all this info seems to be available in the Azure Security center for Admins but the user should have visibility when the request pops up inthe MFA request dialog.
Povl H. Pedersen commented
It is there for my personal microsoft account. Country and platform. Nothing for my company account.
Invaluable information if I keep getting prompted.
Arjun Ramakrishnan (Cloud) commented
I agree. For the average user, there is a tendency to hit the "Approve" button as soon as it pops up. This invalidates the security of MFA if an attacker initiates the login process and the user approves the MFA challenge because they don't see that the login is from another location than their own.
Displaying the country, IP and the app/website requesting the MFA will make it more secure.
Surprised that there are so few votes for this.
This is crucial to avoid the "approval" fatigue that users are falling victim to. Other vendors such as Ping and DUO provide this data "out of the box" on their authentication apps and a lot of this information is clearly available and being collected within our AAD tenant so it should just be a matter of correlating this activity and presenting the data back to the user to make an informed decision to "approve" or "deny" an authentication attempt. Get on it Microsoft!
More than the country, specific geolocation data. Duo does this.
I'm surprised that no more people have voted for this - I agree with Dan , what exactly am I authenticating - I would like Computer name and application. I have a work PC, laptop and home PC when I get a random request I don't know which one is asking for Authentication. Country / IP address would be good too but computer name would help me confirm what the request is for.