MFA Number matching
Why does this matter?
MFA fatigue attacks rely on a user’s ability to approve a simple SMS or push notification that doesn’t require the user to have context of the session being authenticated. According to Microsoft, the use of simple approvals such as “click to approve” or “enter your PIN to approve” has resulted in a corresponding rise in MFA attacks; this security upgrade will address this identified vulnerability.
What will number matching entail?
During the MFA process, users will be prompted to enter a randomly generated number from the login screen to verify the session/application being authenticated. This change will also show the application that is requesting MFA, along with the location from which it is being accessed.
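A minimal model of the flow described above, added here as an illustration and not Microsoft's implementation: the class and method names, the two-digit range and the single-use rule are assumptions. It shows why a prompt the user did not start cannot be approved by reflex, since the number appears only on the login screen that started the sign-in.

```python
import secrets
from dataclasses import dataclass

@dataclass
class Challenge:
    session_id: str
    app_name: str   # shown in the prompt so the user has context
    location: str   # shown in the prompt so the user has context
    number: int     # shown only on the login screen that started the sign-in

class NumberMatchVerifier:
    """Toy server side of number matching (hypothetical names, not a real API)."""

    def __init__(self):
        self._pending = {}

    def start(self, app_name, location):
        # Assumption: a two-digit number, 10..99, from a CSPRNG.
        ch = Challenge(secrets.token_hex(8), app_name, location,
                       secrets.randbelow(90) + 10)
        self._pending[ch.session_id] = ch
        return ch  # returned to the login screen only

    def prompt_for_device(self, session_id):
        """Payload pushed to the authenticator: context, never the number."""
        ch = self._pending[session_id]
        return {"session_id": session_id, "app": ch.app_name,
                "location": ch.location}

    def respond(self, session_id, entered=None):
        """Approve only if the number from the login screen was typed in."""
        ch = self._pending.pop(session_id, None)  # single use (assumption)
        if ch is None or entered is None:
            return False  # unknown/used challenge, or a bare "approve" tap
        return secrets.compare_digest(str(entered), str(ch.number))

def demo():
    v = NumberMatchVerifier()
    # User starts the sign-in and reads the number off their own login screen.
    own = v.start("Constructed App", "Constructed City, Country")
    legit = v.respond(own.session_id, own.number)
    # Prompt the user did not start: they see context but no number.
    other = v.start("Constructed App", "Elsewhere (constructed)")
    seen = v.prompt_for_device(other.session_id)
    blind = v.respond(other.session_id)  # reflexive approval, no number
    return legit, "number" in seen, blind
```

`demo()` returns `(True, False, False)`: the sign-in the user started succeeds, the pushed prompt carries no number, and the reflexive approval is rejected.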