Using the Microsoft Authenticator App with Azure MFA

Description

Starting February 27, when using the Microsoft Authenticator app with Azure MFA, you’ll be prompted to enter a number shown on your screen to complete your login. This article shows you what this number-matching process looks like.

Environment

Smartphone with the Microsoft Authenticator app installed, computer

About

Microsoft is launching the number-matching update to comply with new MFA regulations from the U.S. Cybersecurity Agency that protect your account from hackers. These regulations prevent a new form of hacking called MFA fatigue attacks. During an MFA fatigue attack, a hacker steals your password in a phishing attempt and spams you with MFA push notifications, hoping that you’ll let them access your data. Authenticating through number-matching prevents this type of attack.

Note: This update impacts anyone who uses the Microsoft Authenticator app to authenticate. It is not possible to opt out of number matching when using the app. However, if you use a phone call or text message (SMS) to authenticate, you will not be impacted by this update.

Procedure

• After February 27, 2023, navigate to any online application requiring your OHIO log-in (ex: Catmail, Blackboard, etc.).

• Enter your OHIO email address and password.

• You will receive a push notification on your phone from the Microsoft Authenticator app.

  • You may not receive a notification if you have selected Remember me for 90 days. You can open a private/incognito window on your web browser to see the new authentication experience.

• Select the push notification on your phone.

• You will then see a number on your device’s screen.

• Enter this number in the Authenticator app and select Yes.

Outcome: You have successfully authenticated your log-in via number matching on the Microsoft Authenticator app. 

Note:

• You can still select Remember me for 90 days at any online OHIO log-in screen. 

• Apple Watch is no longer compatible with the Authenticator app due to this security update.

• When you connect to campus VPN, you will receive a push notification instead of being prompted to number-match.

Tip: Do not accept any authentication requests that you do not recognize. You can view your account's log-in history by opening the Microsoft Authenticator app and selecting Review Recent Activity. You can also navigate to myaccount.microsoft.com and select My sign-ins.  If you do not recognize the log-in device or location, you should reset your password immediately. 

Additional Resources:

• Enrolling in Microsoft Azure MFA

• Changing your default sign-in method with Azure MFA (app, phone call, SMS)

• Reset your password using Azure MFA

Get help from OIT

• Visit the Multi-Factor Authentication: Azure page to create a ticket.

• View all Help & Resources: Multi-Factor Authentication: Azure.