Advanced Microsoft Authenticator security features are now generally available!

After announcing the public preview of critical Microsoft Authenticator security features, we’re thrilled today to share that these features are now Generally Available for you to further secure your organization:

• Admins can now prevent accidental approvals in Microsoft Authenticator with number matching, location context, and application context.
• Admins can now better manage the Microsoft Authenticator app with new Admin UX and Admin APIs.

Microsoft Hardens Authenticator App to Prevent MFA Fatigue by Tony Redmond

Open full article

How to setup new MFA Options

How to use number matching in multifactor authentication (MFA) notifications - Authentication methods policy

1. In the Azure AD portal, click Security > Authentication methods > Microsoft Authenticator.
2. On the Basics tab

• MFA Number Match
  To prevent accidental approvals and defend against MFA attacks, admins can require users to enter the number displayed on the sign-in screen when approving an MFA request in Authenticator. 
  https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-number-match
  
• MFA Additional Context
  This topic covers how to improve the security of user sign-in by adding the application name and geographic location of the sign-in to Microsoft Authenticator passwordless and push notifications.
  https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-additional-context

Defend your users from MFA fatigue attacks

With increasing adoption of strong authentication, multi-factor authentication (MFA) fatigue attacks (aka, MFA spamming) have become more prevalent. These attacks rely on the user’s ability to approve a simple voice, SMS or push notification that doesn’t require the user to have context of the session they are authenticating.

https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/defend-your-users-from-mfa-fatigue-attacks/ba-p/2365677