Microsoft MFA (Information) Number Matching and Location Mapping
The Microsoft Authenticator App has been updated to include number matching and location mapping for the Push Notification authentication methods.
This security update is required by Microsoft to increase security and reduce accidental approvals. The update requires users to enter the number displayed on the sign-in screen when approving an MFA request in the Authenticator app. This change only applies to the use of the Microsoft Authenticator App Push Notification option. All other authentication processes will remain the same.
When a user attempts to sign in, they will have the following experience:
- When signing into a UWM service, a number will be displayed in the sign in prompt.
- The attempted sign in sends a push notification to the user’s registered mobile device.
- Upon opening the push notification, the app displays the location map of the IP address where the attempted sign in occurred, and a text box and number pad.
- The user enters number from the sign in prompt into the authenticator app and taps Yes.
- The user gains access to the UWM service by matching the correct number.
Please Note: If the location map presented in the prompt does not match your physical location, this could be for reasons such as IP Address location, VPN use, and cell phone tower location. If you receive a prompt that you did not initiate, do not approve the prompt.
The following image shows the Microsoft Authenticator App Push Notification with number matching and location mapping on an iOS device. If you are viewing this article on a computer, you can securely install the Microsoft Authenticator App by using your Android or iOS device to scan the respective QR codes directly from Microsoft's website. If you are viewing this article on your mobile device, you can click the link to securely install it for Android from the Google Play Store, or for iOS from the App Store.