New Microsoft Authenticator features for organizations

Martin Brinkmann
Nov 21, 2021
Security
|
4

Microsoft announced four new features for the company's Microsoft Authenticator application for organizations. The new security features improve Microsoft Authenticator's capabilities in several meaningful ways.

Two feature additions improve the sign-in experience. The first, Additional context in Microsoft Authenticator approval requests, adds more information to the confirmation prompt. The feature uses the device's IP address to display location based information and a map. It will also display the application that is requesting access.

microsoft authenticator additional context

Administrators need to enable push notifications for some users or groups using the new Authentication Methods Policy API.

ADVERTISEMENT

Administrators may combine the new security feature with number matching, yet another new feature that is available in public preview. Number matching requires users to enter a number in the Microsoft Authenticator application that is displayed on the sign-in screen.

microsoft authenticator number matching

Number matching can be enabled individually, or in combination with the extended context feature.

The third feature addition adds options to restrict access to "the boundaries of a specific country by using the GPS signal from the Microsoft Authenticator". Countries can be blocked using the device's IP address or GPS coordinates, which the Microsoft Authenticator application provides. Authentication is denied automatically if the phone is rooted or jailbroken.

microsoft authenticator block countries

The fourth and final new feature may be used to encourage users to enable two-factor authentication and the use of Microsoft Authenticator.

The third and fourth feature is already available.

Administrators may check out the following support pages for additional details:

Closing Words

Three of the four new security features would make good additions to Home editions of Microsoft's Authenticator application. It would probably not be difficult to add extra context to the confirmation prompts, enable the number matching experience, or country blocking.

Now You: do you use an authenticator application or 2-factor authentication?

Summary
New Microsoft Authenticator features for organizations
Article Name
New Microsoft Authenticator features for organizations
Description
Microsoft announced four new features for the company's Microsoft Authenticator application for organizations.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Anonymous said on November 21, 2021 at 1:26 pm
    Reply

    “The feature uses the device’s IP address to display location based information and a map”

    As long as they don’t use authentication security as an excuse to store on their servers the location users connect from, like Mozilla…

    “Authentication is denied automatically if the phone is rooted or jailbroken.”

    Wait until this becomes no longer optional. “For your security”.

    1. Anonymous said on November 23, 2021 at 12:45 am
      Reply

      “Something went wrong.”

  2. Paul(us) said on November 21, 2021 at 2:24 pm
    Reply

    Do I understand it correctly that Microsoft Authenticator is not a cryptographic authenticator?

    And if this M.s. Authenticator is crytomatic does the M.s authenticator use a symmetric-key cryptography or does the M.S. authenticator uses a public-key cryptography?
    I ask this because that I know that both avoid memorized secrets, but I prefer a public-key cryptography, because there are no shared secrets as well, which is I think an important distinction.

    I asking this because I cant find the answers on these on main questions on the Microsoft website?

  3. RogerW said on November 21, 2021 at 4:38 pm
    Reply

    The number matching experience has already been implemented for Microsoft accounts with password-less feature enabled. Just wish they could somehow make other third party accounts push a prompt rather than having to manually enter the number

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.