If Microsoft Authenticator is enabled, it SHALL be configured to show login context information.
Why This Matters
Without login context information, Microsoft Authenticator push notifications display minimal details about the sign-in attempt. Attackers running MFA fatigue attacks can bombard users with notifications until one is approved by accident. Requiring context data like the app name, location, and requesting IP address helps your users make informed approval decisions.
What Aether365 Checks
Aether365 verifies that the Microsoft Authenticator authentication method policy has "Show application name," "Show geographic location," and "Show requesting IP" all set to enabled. This check appears in the Aether365 dashboard under the Entra ID (entra-id) section as part of the CISA MS.AAD.3.3 compliance rule.
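The following is an added example, not Aether365's own code: one way to evaluate an exported Microsoft Authenticator method configuration against this rule, including the "if enabled" condition. It assumes the Microsoft Graph field names displayAppInformationRequiredState and displayLocationInformationRequiredState; the page gives no field for "Show requesting IP", so that setting is left out, and the all-users targeting check and the sample policy are constructed for illustration.

```python
import json

# Constructed sample shaped like the Microsoft Graph
# microsoftAuthenticatorAuthenticationMethodConfiguration resource.
# Values are illustrative, not taken from a real tenant.
SAMPLE_POLICY = json.loads("""
{
  "id": "MicrosoftAuthenticator",
  "state": "enabled",
  "featureSettings": {
    "displayAppInformationRequiredState": {
      "state": "enabled",
      "includeTarget": {"targetType": "group", "id": "all_users"}
    },
    "displayLocationInformationRequiredState": {
      "state": "default",
      "includeTarget": {"targetType": "group", "id": "all_users"}
    }
  }
}
""")

# Graph fields assumed to back two of the settings named on this page.
REQUIRED_FEATURES = {
    "displayAppInformationRequiredState": "Show application name",
    "displayLocationInformationRequiredState": "Show geographic location",
}


def check_login_context(policy):
    """Return (status, findings); status is PASS, FAIL or NOT_APPLICABLE."""
    # The rule is conditional: it only applies when the method is enabled.
    if policy.get("state") != "enabled":
        return "NOT_APPLICABLE", []
    features = policy.get("featureSettings") or {}
    findings = []
    for field, label in REQUIRED_FEATURES.items():
        setting = features.get(field) or {}
        # The rule requires "enabled"; "default" (Microsoft-managed) does not count.
        if setting.get("state") != "enabled":
            findings.append(f"{label}: state is {setting.get('state', 'missing')!r}")
        # Assumption for this example: the setting must also target all users.
        elif (setting.get("includeTarget") or {}).get("id") != "all_users":
            findings.append(f"{label}: not targeted at all users")
    return ("FAIL" if findings else "PASS"), findings


if __name__ == "__main__":
    status, findings = check_login_context(SAMPLE_POLICY)
    print(status, *findings, sep="\n  ")
```

The sample fails because the location setting is left at "default" rather than explicitly enabled.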