BOOK A MEETING

Number Matching and Additional Context in Microsoft Authenticator.

At the end of 2021, Microsoft announced new functionalities within the Microsoft Authenticator MFA application. These are:

Number Matching

Additional Context

Number Matching

Many organisations and their employees may be used to approving MFA push notifications in the app as part of multifactor authentication when using the Authenticator application.

Until the end user taps ‘Approve’, the application or page you want to consult will not be accessible, however the tap to ‘Approve’, has some risks. Users can miss or accidentally tap ‘Approve’ and give way to malicious activity, because it is too simple for many users. After securing credentials, the malicious party can spam an end user with notifications in the Authenticator app. The risk that can arise is that an end user is unaware of the situation and click on ‘Approve’ to get rid of the many notifications.

Fortunately, Microsoft now offers a solution for this with ‘Number matching’. With number matching, you will see a number on the page or application where authentication is made after the user logs in. You have to enter this number in the prompt that shows the Authenticator application.

Retyping the number may be a little less user-friendly, but it greatly reduces the chance of a security weakness.

Additional context

To improve the legitimacy of an MFA notification in the Authenticator application, you can use ‘Additional context’ in Azure to give more context to these notifications. As a result, you as an end user get more recognition about the origin of the notification and you can better assess whether the notification is legitimate. The extra context is given by adding two parts in the notification;

  • Location from which authentication is made.
    When an end user, or a malicious person, tries to log in, you will receive a notification in the Authenticator app that shows where geographically attempts are being made to authenticate. A side note is that this location is IP based. On the one hand, this does not give such an accurate picture of the actual location and there are also means conceivable for a malicious person to simulate a different location (IP based) than the actual location. On the other hand, a notification that indicates the origin of another country gives a clear and direct signal that something may not be right.
  • The application on which you log in.
    In the same Authenticator notification you can also show which application you are trying to log in to. This also gives an end user an indication of whether the Authenticator notification is legitimate. If you do not use the application shown in the Authenticator at that time, this may indicate a possibly non-legitimate notification.

You can easily highlight and test these two functionalities across your organisation, but we should note that these two new functionalities are only part of creating a totally safe environment. These methods must go hand in hand with awareness and education towards the end users.

Author: Tim Struik

Date of Publish: 19 July 2022

Resources

Our Voice

5 Ways to Evolve Your Remote Working Cyber-Security Strategy

Learn More

Our Voice

Closing Healthcare’s Cybersecurity Gaps With Endpoint Security.

Learn More

Our Voice

CWSI announced as one of Ireland’s Best Managed Companies

Learn More

Paul Conaty 

Paul Conaty is Client Solutions Director at CWSI, one of Europe’s most experienced mobile and cloud security specialists. Paul has over 20 years’ experience in the technology industry across engineering, technical and management roles.

Having joined the company in 2014, he heads up the Strategic Enterprise Mobility consultancy and advisory services division at CWSI. Here, he provides best-in-class strategic and tactical advice to customers in all sectors, both in Ireland and globally. He is passionate about delivering real business enhancements via secure technological solutions.

Before joining CWSI, Paul spent 13 years at UPC Ireland (now Virgin Media Ireland) across senior engineering and support roles. He is currently an Ambassador for the GDPR Awareness Coalition, where he aims to raise awareness of the data privacy obligations for companies resulting from the implementation of GDPR.

Paul is a thought leader and expert voice on cybersecurity, governance, data protection and compliance. With organisations around the world on increasingly high alert, Paul can give practical advice to businesses across all industries (from public sector to supply chain and SMEs) on how they can defend themselves against the rising threat of cyberattacks.

He can outline the steps that should be taken to protect company data, such as being aware of potential vulnerabilities and having a good understanding of the business’ IT infrastructure, implementing Multi-Factor Authentication, and carrying out user awareness training for employees around phishing threats.

Back to Resources Next Resource

Relevant Resources

Our Voice

What is Data Classification?

Discover the fundamentals of data classification, why it’s essential for secure information management, and how to implement it effectively in your organisation.

Learn More

Technology Talks

Achieving NIS2 Compliance

Tune into CWSI's Client Solutions Director, Paul Conaty, as he addresses key questions about the new NIS2 directive and its impact on organisations.