Microsoft generally makes available advanced Authenticator features that give IT admins more control over accidental approvals and better management with a new admin UI and APIs.
According to Microsoft, the new administration features are designed to help protect against multi-factor authentication (MFA) fatigue attacks. The company says it will automatically enable critical security features to combat changing threat vectors, including number matching for all Authenticator users.
The company says number matching in Microsoft Authenticator helps prevent accidental approvals and defend against MFA attacks by allowing administrators to require users to enter the number displayed on the sign-in screen during approval of an MFA request in Authenticator.
In the Tech Community blog, Microsoft gives an example of the Authenticator app asking the user if they were trying to sign in and asking them to enter a number.
Also new to Authenticator is the ability to reduce accidental approvals by showing users additional context in notifications, such as the app trying to be viewed and the login location.
New features also include an updated admin UI and APIs to help IT pros better manage their end users, including a new “Configure” tab that allows admins to enable or disable various features . The app also now includes the ability to exclude groups from features to make it easier to deploy features.
Microsoft says admins can use Registration Campaigns to deploy the Authenticator app across their organization with the new security upgrades.
Additionally, Authenticator on iOS now uses App Transport Security to improve privacy and data integrity between Authenticator and web services. Microsoft says this is now enabled for each user and has no impact on how the app is used.
Android users can also search their accounts, and search on iOS will be rolling out soon. according to Microsoft.