Irritatingly, Microsoft dropped support for Apple Watch in their Authenticator app. It seems to still receive notifications, but they don’t work.
It looks like this change was so they could introduce some cool new features, though, so that’s good: showing you a number which you have to enter in the app, so you don’t end up approving a spurious MFA push request, as well as showing more information such as the location and the app you are trying to access. Of these, number matching will be enabled for everyone in Feb, but we can enable it (and the other two features) right now.
Doing this is straightforward in the Azure AD portal. Go to Security > Authentication Methods > click on Microsoft Authenticator. Enable Authenticator, if it isn’t already. Then go to Configure.
Then flip each of the three options (number matching, application name, location) to Enabled. :) That’s it!
You can scope this to a group of users, or exclude specific users or groups.
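The same change can be scripted, which is handy if you manage several tenants or want to check periodically that nobody has flipped the settings back. The following is an added example, not code from the original post: it uses the Microsoft Graph PowerShell SDK against the beta endpoint (where `featureSettings` is exposed) and assumes the property names `numberMatchingRequiredState`, `displayAppInformationRequiredState` and `displayLocationInformationRequiredState` as documented for the `microsoftAuthenticatorAuthenticationMethodConfiguration` resource. The `all_users` target id is the documented value for "all users"; the all-zero exclusion GUID is a placeholder meaning "no exclusions".

```powershell
# Added example (not from the original post): enable number matching, app name and
# location display for Microsoft Authenticator through Microsoft Graph PowerShell.
# Assumes the Microsoft.Graph module is installed and the signed-in account can edit
# authentication method policy (e.g. Authentication Policy Administrator).
Connect-MgGraph -Scopes "Policy.ReadWrite.AuthenticationMethod"

# featureSettings lives on the beta endpoint; v1.0 only exposes the method's on/off state.
$uri = "https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator"

# Target all users and exclude nobody. Replace the placeholder GUID with a real group id
# (e.g. a break-glass or pilot group) if you want an exclusion.
$allUsers    = @{ targetType = "group"; id = "all_users" }
$noExclusion = @{ targetType = "group"; id = "00000000-0000-0000-0000-000000000000" }  # placeholder

# The three toggles shown on the Configure tab in the portal.
$featureNames = "numberMatchingRequiredState",
                "displayAppInformationRequiredState",
                "displayLocationInformationRequiredState"

$featureSettings = @{}
foreach ($name in $featureNames) {
    $featureSettings[$name] = @{
        state         = "enabled"
        includeTarget = $allUsers
        excludeTarget = $noExclusion
    }
}

$body = @{
    "@odata.type"   = "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration"
    state           = "enabled"        # turns the Authenticator method itself on, as step one in the portal
    featureSettings = $featureSettings
}

# PATCH only the properties we set; everything else on the configuration is left alone.
Invoke-MgGraphRequest -Method PATCH -Uri $uri -ContentType "application/json" `
    -Body ($body | ConvertTo-Json -Depth 5)

# Read the policy back and fail loudly if any of the three features is not enabled for everyone.
$config = Invoke-MgGraphRequest -Method GET -Uri $uri
foreach ($name in $featureNames) {
    $fs = $config.featureSettings[$name]
    if ($fs.state -ne "enabled" -or $fs.includeTarget.id -ne "all_users") {
        throw "$name is not enabled for all users (state=$($fs.state), target=$($fs.includeTarget.id))"
    }
}
Write-Host "Number matching, app name and location display are enabled for all users."
```

The read-back at the end is the part worth keeping as a scheduled check: a push-approval prompt without the number is exactly the condition that lets a user wave through a request they did not initiate. One caveat: Microsoft has since made number matching mandatory for all tenants, so on a current tenant `numberMatchingRequiredState` may be reported as enabled regardless of what you send; the other two toggles remain configurable.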
Here’s what it looks like when a user now tries to do MFA.