MFA: Microsoft Authenticator Number Matching for Office 365 Services

Summary

Changes to MFA Authenticator App will require a NUMBER entry rather than 'approve'/'decline'.

Body

General Information


Question:

  • What is changing with the MFA application (Microsoft Authenticator)? 

Answer:

 

Effective February 27, 2023, Minnesota State Microsoft Office 365 and other online services will enhance security by adding “number matching” to the multi-factor authentication process for those using the Microsoft Authenticator application

This change will not impact you if you use another authentication method to verify your identity for these services, such as entering a code you receive by text message or phone call. Those already using number matching through Microsoft Authenticator's password-less authentication option will also not notice a change.

Why is this being done? The extra step of number matching helps ensure that the person requesting access into an account is the same person approving the sign-in on a device. Without number matching, a bad actor who has obtained someone’s login credentials could attempt to log in, sending a prompt to the victim to approve the sign-in request. If the victim inadvertently approves the request, the bad actor can gain access to the victim’s account.

Although this change largely affects Minnesota State Microsoft Office 365 services, other online services at Anoka-Ramsey Community College and Anoka Technical College will begin the number-matching process on February 27, 2023.

Instructions

Instructions for authenticating into Microsoft Office 365 using the Microsoft Authenticator application once number matching takes effect on February 27, 2023: 

1. Enter your credentials for logging into Minnesota State's Office 365 services (YourStarID@minnstate.edu for faculty/staff; YourStarID@go.minnstate.edu for students). After you enter your credentials, an “Approve sign-in request” window will appear in your browser with instructions to open your Authenticator application and a number that you will need to enter into the Authenticator application to log in. 

2. Open your Authenticator application, enter the number, and select “Yes” to finish verifying your identity. After verifying your identity by entering the number, you should automatically get logged into your Microsoft Office 365 account. 

    

 

Important notes related to this change:

  • Ensure you are using the latest version of the Authenticator application. Often application updates happen automatically, yet we encourage anyone using the Authenticator application to verify they are using the last version and upgrade if needed. Microsoft Authenticator for Android versions prior to 6.2006.4198, or iOS versions prior to 6.4.12 do not support number matching, so the authentication will fail.
  • Number matching is not supported by Apple Watches. It is recommended that Apple Watch users remove the application from their watch because users will need to use their phone to approve sign-in requests once number matching is enabled.
  • Never approve sign-in requests that you did not request or expect.

If you need assistance logging into Office 365 or other services, or have any questions about this change, please submit a request for help. 


Summary:

Changes to the MFA Authenticator app will require people to enter the number shown, to sign in. Users who do not use the app will not be affected.

Details

Details

Article ID: 143435
Created
Tue 2/14/23 6:33 PM
Modified
Wed 5/15/24 1:24 PM