On February 27th, 2023, Microsoft will change its Authenticator app to enhance security by enforcing “number matching” in place of one-time codes.
Microsoft posted this to their official documentation page:
“Number matching is a key security upgrade to traditional second factor notifications in Microsoft Authenticator. We will remove the admin controls and enforce the number match experience tenant-wide for all users starting February 27, 2023.”
After this change, when a user signs in to their Microsoft account, they will be presented with an “Approve sign-in request” window that displays a number. Additionally, the user will receive a push notification on their phone asking them to “Approve sign-in”.
The user will need to open the Microsoft Authenticator app on their phone and type in the number provided on their computer screen. See the video below for a side-by-side view of a user’s phone and computer screen during the new process.
This change will only apply to users who have Microsoft Authenticator set as their default authentication method. Microsoft Authenticator is the recommended method and by far the most secure way to protect your Microsoft account. We strongly encourage anyone using SMS or automated call authentication methods to consider switching to the Microsoft Authenticator app.
This security enhancement will help mitigate MFA fatigue attacks such as MFA bombing: because approval now requires typing the number shown on the sign-in screen, a push notification can no longer be approved with a single tap by a user who did not start the sign-in. Users are still encouraged to never share MFA codes or numbers with anyone, as Microsoft will never ask for this information.
APPLE WATCH USERS: Number matching is not supported by Apple Watch notifications at this time. Apple Watch users should remove their Microsoft Authenticator app and sign in using their smartphone or alternate device.