Authentication Method - Microsoft Authenticator - Included users/groups to show application name in push and passwordless notifications

Why This Matters

When users see only generic prompts during Microsoft Authenticator push or passwordless notifications, they cannot verify which application is requesting approval. This increases the risk of accidental approval of malicious requests, as users may approve notifications from unknown or untrusted sources. Configuring the application name display across all user groups ensures every authentication request includes clear context for informed approval decisions.

What Aether365 Checks

Aether365 verifies that the Microsoft Authenticator authentication method policy includes the 'all_users' group as the target for displaying application names in push and passwordless notifications. This check appears in your dashboard under the entra-id checks category.

Microsoft references

• Microsoftauthenticatorauthenticationmethodconfiguration
• [Graph explorer](https://developer.microsoft.com/en-us/graph/graph-explorer?request=policies/authenticationMethodsPolicy/authenticationMethodConfigurations()