An emerging threat to the cybersecurity landscape is the social engineering attack called MFA fatigue. Microsoft has enabled new features with their implementation of MFA that will help protect users from falling victim to these attacks. These features were made generally available in November and will become default configurations for Microsoft customers in February 2023. If you would like to enable them now, please read on.
There are three new features you can enable now to improve your security posture. First, is number matching. When you try to log in to an Office 365 computer from a new device you will be asked to enter the number you see on the device into your Microsoft Authentication App. The second and third new features are informational and will help the end user recognize if they are being harassed by a hacker. “Show application name in push and passwordless notifications”; This feature will tell you what application is trying to log in. “show geographic location in push and passwordless notifications”; This feature will show a map of the location the login attempt is happening from.
How to enable:
Log into https://portal.azure.com and in the search bar type “security”. Then under the Manage heading on the left navigation select “Authentication Methods”. This will show you a Policies menu with the Microsoft Authenticator method available. Choose Microsoft Authenticator and ensure it is enabled and targeted at your users and then select Configure. On The Configure page make sure that all the options are enabled.
My company, GLM West, inc., offers consulting services that can help you with this and other IT outsourcing services, check out our website for more info! https://www.glmwest.com
Comments