Microsoft Authenticator with Number Matching is a new, security-enhanced experience for Multi-Factor Authentication.
It helps address emerging “MFA fatigue” attacks—attackers can gain access when users reflexively hit “Approve” on an authentication prompt that an attacker generated.
GreenLoop recommends enabling this as the default option for Microsoft Authenticator.
Here’s an overview of the experience. This assumes you’ve already enabled your account for MFA in Office 365, and already have the Microsoft Authenticator app with notifications connected to your 365 account.
- After this is enabled, sign in to your Office 365 Account with your username and password:
- When prompted for Multi-Factor Authentication, rather than generating a notification that prompts you to Approve in your Microsoft Authenticator app, a number will appear in the app you’re trying to access:
- On your mobile device, you’ll get a notification as shown:
- Supply the number in the field, and click Yes to authorize and sign in.
- NEVER type in an authentication code provided by someone else over the phone/email/chat. GreenLoop will NEVER request that you do so. Any such requests may be an attempt to compromise your account—report to your IT contact immediately!
Microsoft Authenticator is strongly recommended over legacy methods such as SMS and code-based (TOTP). It’s more convenient, secure, and attack-resistant (especially when configured with Number Matching).
Even more secure options include Passwordless Authentication and FIDO2 keys. Contact us for more information in implementing one of these options.