Microsoft Authenticator App: Improve security with number matching

Last Updated on 19. November 2022

The use of multi-factor authentication is considered one of the most secure methods to protect an account and is therefore recommended by pretty much every provider by now. Due to this fact, the user receives many multi-factor authentication requests every day, which are probably no longer considered carefully and are approved out of habit.
Microsoft introduces number matching, a method that can prevent blind approval of the request.

For existing users with the Microsoft Authenticator App, number matching will be enabled by default on February 27, 2023.
The following tutorial will immediately enable number matching and therefore increase login security.

Prerequisites and Licensing

• Microsoft Authenticator app is installed in the latest version on iOS or Android
• Azure AD multi-factor authentication is set up with push notification to users’ smartphones
  (see post User guide: Enabling multi-factor authentication – cloudcoffee.ch)
• no additional license is required
  

Activate number matching

Number matching is enabled in the Azure Portal.

Sign-in to the Azure Portal (https://portal.azure.com) and select “Azure Active Directory” > “Security”

Select “Authentication methods”

Select “Policies” > “Microsoft Authenticator”

Select the target group under “Enable and Target” for which the additional information should be displayed in the Microsoft Authenticator App. It is recommended not to make any restriction here (Select “All users”).

Enable the option “Require number matching”.

Finally save the configuration by clicking “Save”.

The next time you sign in to Microsoft 365 or Microsoft Azure, a number will appear with a prompt to confirm the sign-in via multi-factor authentication.

The displayed number will now be entered in the Microsoft Authenticator App to successfully approve the sign in.