If your company's security policy includes Microsoft Authenticator, be aware that a change is coming for all users: the sign-in experience will move from approving notifications to number matching.
Number matching is a key security upgrade to traditional second-factor notifications in Microsoft Authenticator. Microsoft will remove the admin controls and enforce the number match experience tenant-wide for all users starting February 27, 2023.
Microsoft highly recommends enabling number matching in the near term for improved sign-in security. Relevant services will begin deploying these changes after February 27, 2023, and users will start to see number match in approval requests. As services deploy, some users may see number match while others don't. To ensure consistent behavior for all users, Microsoft highly recommends that you enable number match for Microsoft Authenticator push notifications in advance.
When a user responds to an MFA push notification using the Authenticator app, they'll be presented with a number. They need to type that number into the app to complete the approval. With number matching, the number is displayed on the sign-in screen, and the user confirms it on their MFA device rather than entering it on the device they are signing in from.
Number matching is available for the following scenarios. When enabled, all scenarios support number matching.
- Multifactor authentication
- Self-service password reset
- Combined SSPR and MFA registration during Authenticator app set up
- AD FS adapter
- NPS extension
Number matching isn't supported for Apple Watch notifications. Apple Watch users need to use their phone to approve notifications when number matching is enabled.
Source: Microsoft