Microsoft has announced new Microsoft Authenticator features for business users that aim to make it more secure and easier to deploy for our admins.
New features include:
- Admins can now prevent accidental approvals in Microsoft Authenticator with numeric matching and additional context (Public Preview).
- Admins can now set up GPS location-based Conditional Access policies using Microsoft Authenticator (GA).
- Admins can now push their users to set up Microsoft Authenticator during sign-in using the Sign-up Campaign (GA) feature.
Number Match in Microsoft Authenticator MFA experience (Public Preview)
To increase security and minimize accidental approvals, admins can require users to enter the number displayed on the login screen when approving an MFA request in Authenticator.
To learn how to enable numeric matching, click here.
Additional context in Microsoft Authenticator approval request (Public Preview)
Another way to reduce accidental approvals is to show the user additional context in the Authenticator message. This feature will show users which app they are logged in to and their login location based on IP address.
To learn how to enable additional context click here.
Named Locations Based on GPS (Commonly Available)
Admins can now use Conditional Access policies to restrict resource access to a specific country’s boundaries using GPS signals from Microsoft Authenticator.
Users who have enabled this feature will be prompted to share their GPS location through the Microsoft Authenticator app while signed in. To ensure the integrity of the GPS location, Microsoft Authenticator will refuse to authenticate if the device is jailbroken or rooted.
Microsoft Authenticator Signup Campaign (Commonly Available)
Using the Microsoft Authenticator Signup Campaign, you can now push users to set up Authenticator and steer clear of less secure phone methods. This feature targets users who have Microsoft Authenticator enabled but have not yet set it up. Users are prompted to set up Authenticator after completing MFA login, and after experiencing the setup, their default authentication method is changed to the Microsoft Authenticator app.
To learn how to enable Subscription campaigns, click here.
Microsoft is urging admins to try these security upgrades for Microsoft Authenticator and provide feedback at aka.ms/AzureADFeedback.
https://mspoweruser.com/microsoft-rolls-out-new-microsoft-authenticator-features-for-enterprise-users/ Microsoft rolls out new Microsoft Authenticator features for business users