Microsoft has added new security features for Microsoft Authenticator users that further secure the app and make it easier to roll out in enterprise environments.
Microsoft Authenticator is an authentication tool that helps users log into their accounts using 2FA (two-factor verification aka two-step authentication), passwordless sign-in, or password autofill.
As Microsoft Identity Division’s Corporate VP of Program Management Alex Simons revealed Thursday:
Admins can now prevent accidental approvals in Microsoft Authenticator with number matching and additional context (Public Preview).
Admins can now setup GPS-location based Conditional Access policies using Microsoft Authenticator (GA).
Admins can now nudge their users to setup Microsoft Authenticator during sign-in using the Registration Campaign feature (GA).
By enabling number matching in Microsoft Authenticator push notifications and additional context in requests, admins will improve user sign-in security across the organizations.
They can also make use of Conditional Access policies to restrict access to corporate resource access to a specific geographic area with the help of Microsoft Authenticator GPS location info.
Last but not least, Microsoft now allows pushing users who haven’t yet set up Authenticator to install and use it as a more secure alternative to SMS-based MFA authentication.
Redmond provides information on how to set up Microsoft Authenticator as your preferred 2FA verification method on its documentation site.
In September, the company also announced that it started rolling out passwordless login support to all Microsoft accounts, allowing customers to sign in to Microsoft accounts without using a password.
It first allowed enterprise customers to rollout passwordless authentication in their environments in March following a breakthrough year in 2020 when Microsoft reported that more than 150 million users were signing into their Azure Active Directory and Microsoft accounts via passwordless login.
You can find more information on how to use a passwordless method to sign in to your accounts on Microsoft’s support website.
Source: Bleeping Computer