Authentication Method - Microsoft Authenticator - Require number matching for push notifications
Why This Matters
Number matching in Microsoft Authenticator push notifications helps prevent accidental approval of malicious sign-in requests. Without this requirement enabled, users might tap "Approve" on a notification without verifying the specific authentication request, which could allow an attacker to gain unauthorized access. This setting reduces the risk of MFA fatigue attacks by forcing users to enter a matching number displayed on the sign-in screen.
What Aether365 Checks
Aether365 verifies that the Microsoft Authenticator authentication method configuration has the number matching requirement enabled in the featureSettings.numberMatchingRequiredState.state setting. This check appears in the Aether365 dashboard under the entra-id category.