Posted by: kurtsh | January 27, 2023

HOWTO: Mitigating MFA authentication spamming with Azure AD MFA Number Matching

If you’re responsible for Azure Active Directory & use Azure AD Multi-factor Authentication… important notice:

You may have heard recently about a technique used by bad actors called “authentication spamming” or “MFA phishing”. It’s a method by which bad actors rapidly send MFA authentication messages to an end user in the hope that the user will get annoyed and eventually simply “approve” one of the requests to make them go away, allowing the bad actor access to your network. (The technique is described in this article by our Director of Identity Solutions, Alex Weinert: Defend your users from MFA fatigue attacks.)
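As an added example (not part of the original post, and not a Microsoft tool), the following Python script shows the log-side view of the attack described above: it scans sign-in events for a user who received a burst of push prompts that were denied or timed out within a short window, and reports whether an approval followed the burst, which is the outcome an attacker is hoping for. The event records, field names (`user`, `time`, `mfa_result`) and values are constructed for this example; a real deployment would map them from the tenant's sign-in log export.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real tenant data). The field names
# are an assumption for this example and would be mapped from the actual
# sign-in log export in practice.
SAMPLE_EVENTS = [
    # a normal user: one prompt, approved
    {"user": "alice@contoso.example", "time": "2023-01-27T08:00:05Z", "mfa_result": "approved"},
    # a targeted user: a burst of denied / timed-out pushes, then an approval
    {"user": "bob@contoso.example", "time": "2023-01-27T02:10:00Z", "mfa_result": "denied"},
    {"user": "bob@contoso.example", "time": "2023-01-27T02:10:40Z", "mfa_result": "timeout"},
    {"user": "bob@contoso.example", "time": "2023-01-27T02:11:20Z", "mfa_result": "denied"},
    {"user": "bob@contoso.example", "time": "2023-01-27T02:12:05Z", "mfa_result": "timeout"},
    {"user": "bob@contoso.example", "time": "2023-01-27T02:12:50Z", "mfa_result": "denied"},
    {"user": "bob@contoso.example", "time": "2023-01-27T02:14:00Z", "mfa_result": "approved"},
    # a user with a few spread-out failures that never cluster inside one window
    {"user": "carol@contoso.example", "time": "2023-01-27T09:00:00Z", "mfa_result": "timeout"},
    {"user": "carol@contoso.example", "time": "2023-01-27T09:30:00Z", "mfa_result": "denied"},
    {"user": "carol@contoso.example", "time": "2023-01-27T10:15:00Z", "mfa_result": "approved"},
]

# Push results that indicate the user did not accept the prompt.
UNANSWERED = {"denied", "timeout"}


def parse_time(value):
    """Parse the ISO-8601 UTC timestamp used in the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_push_bombing(events, threshold=5, window_minutes=10):
    """Return {user: finding} for users with >= threshold unanswered MFA pushes
    inside any sliding window of window_minutes.

    A finding records the burst boundaries, the number of prompts in it, and
    whether an approval landed within one window after the burst ended (the
    signal that the user may have given in to the prompts)."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for event in events:
        by_user[event["user"]].append((parse_time(event["time"]), event["mfa_result"]))

    findings = {}
    for user, rows in by_user.items():
        rows.sort()
        failures = [t for t, result in rows if result in UNANSWERED]
        start = 0
        for end in range(len(failures)):
            # Slide the window start forward until the span fits in the window.
            while failures[end] - failures[start] > window:
                start += 1
            count = end - start + 1
            if count < threshold:
                continue
            burst_start, burst_end = failures[start], failures[end]
            approved_after = any(
                result == "approved" and burst_end <= t <= burst_end + window
                for t, result in rows
            )
            # Keep extending the finding as more prompts join the same burst.
            findings[user] = {
                "burst_start": burst_start,
                "burst_end": burst_end,
                "count": count,
                "approved_after_burst": approved_after,
            }
    return findings


if __name__ == "__main__":
    for user, finding in detect_push_bombing(SAMPLE_EVENTS).items():
        print(f"{user}: {finding['count']} unanswered pushes between "
              f"{finding['burst_start']:%H:%M:%S} and {finding['burst_end']:%H:%M:%S}, "
              f"approval afterwards: {finding['approved_after_burst']}")
```

The threshold and window are tunable; the defaults above (five unanswered prompts in ten minutes) are a starting point, not a vendor recommendation. With number matching enforced, an unsolicited push can no longer be approved by tapping "Approve" because the user has to type the number shown on the attacker's sign-in screen, so the `approved_after_burst` signal is mainly useful for reviewing what happened before enforcement and for spotting accounts whose users were being targeted.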

Solution: Azure AD MFA Authenticator Number Matching
If you are using Azure AD Multi-factor Authentication, we at Microsoft have implemented a technology in Azure AD MFA called “number matching” which has dramatically helped to mitigate “authentication spamming” (MFA phishing) attacks, and it is available to everyone in the world free of charge. We highly recommend enabling number matching ASAP for improved sign-in security.

Mandatory Enforcement – COMING FEBRUARY 27TH, 2023
We will be removing the admin controls and enforcing the number match experience tenant-wide for all users starting February 27, 2023. In other words, your staff will be required to use “number matching” when using Microsoft Authenticator as of March 1, 2023, so please investigate the implementation of number matching to eliminate authentication phishing in your organization immediately.

HOWTO: Deploy Azure AD MFA Number Matching
The following is a step-by-step guide on how to implement MFA number-matching on Microsoft Azure Active Directory & Microsoft Authenticator.

Assistance with Configuration
If you need assistance with getting this configured, contact your Microsoft Unified Support Customer Success Account Manager or your FastTrack Manager.
