Using the Microsoft Authenticator App with Azure MFA


Learn how to authenticate using number matching on the Microsoft Authenticator App.



When using the Microsoft Authenticator app with Azure Multi-Factor Authentication, you’ll be prompted to enter a number shown on your screen to complete your login. In addition, the name of the application requesting authentication will appear on the number matching screen. This article shows you what this number-matching process looks like.


Smartphone with the Microsoft Authenticator app installed, computer


Microsoft has launched the number-matching update to comply with the U.S. Cybersecurity Agency MFA recommendations to help protect your account from hackers. These regulations prevent a form of hacking called MFA fatigue attacks. During an MFA fatigue attack, a hacker steals your password in a phishing attempt and spams you with MFA push notifications, hoping that you’ll let them access your data. Authenticating through number-matching prevents this type of attack. In addition to number-matching, the name of the application requesting authentication will be listed on the number matching screen in the Microsoft Authenticator app, further enhancing security by allowing you to recognize an authorized log-in. If you do not recognize, or are not attempting to open the app named in the authenticator, then the request may be malicious. Report any suspicious behavior to Information Security at and reset your password.

Note: This feature impacts anyone who uses the Microsoft Authenticator app to authenticate. It is not possible to opt out of number matching when using the app. However, if you use a phone call or text message (SMS) to authenticate, you will not be impacted.


  • Navigate to any online application requiring your OHIO log-in (ex: Catmail, Blackboard, etc.).
  • Enter your OHIO email address and password.
  • You will receive a push notification on your phone from the Microsoft Authenticator app.
  • You may not receive a notification if you have selected Remember me for 90 days. You can open a private/incognito window on your web browser to see the new authentication experience.
  • Select the push notification on your phone.
  • You will then see a number on your device’s screen.

Microsoft Authenticator app showing a number on the screen.

  • Enter this number in the Authenticator app and select Yes. The name of the application requesting authentication will appear above the number entry field.
    • Note: If you do not recognize the name of the application, or if you are not attempting to access the application named in the request, do not accept the request; it may be malicious.

Microsoft Authenticator app with a field to enter a number. Buttons "No, it's not me" and "yes" appear below the number field.

Outcome: You have successfully authenticated your log-in via number matching on the Microsoft Authenticator app. 


  • You can still select Remember me for 90 days at any online OHIO log-in screen. 
  • Apple Watch is no longer compatible with the Authenticator app due to this security update.
  • When you connect to campus VPN, you will receive a push notification instead of being prompted to number-match.

Tip: Do not accept any authentication requests that you do not recognize. You can view your account's log-in history by opening the Microsoft Authenticator app and selecting Review Recent Activity. You can also navigate to and select My sign-ins.  If you do not recognize the log-in device or location, you should reset your password immediately. 

Additional Resources:

Get help from OIT



Article ID: 550
Tue 1/17/23 7:18 PM
Mon 7/31/23 8:56 AM