Comments on: Improve MFA Effectiveness in Your Microsoft 365 Tenant in 30 Minutes

By: Tony Redmond

Tony Redmond — Mon, 15 Aug 2022 19:27:59 +0000

In reply to Ahmad. I don't believe it requires passwordless but I can't be certain. Test it and see!

By: Ahmad

Ahmad — Mon, 15 Aug 2022 18:30:16 +0000

Does additional context require passwordless or would it work with just push?

By: Tony Redmond

Tony Redmond — Thu, 27 Jan 2022 14:29:34 +0000

In reply to Clare. The users must be generating many authentication requests over a short period. I certainly have never had an issue with competing authentications. I can see how it might happen, but I have never had to cope with the situation.

By: Clare

Clare — Thu, 27 Jan 2022 13:48:12 +0000

Do you know of a procedure to bypass additional context/number matching when the request to sign in is via a mobile app on the same device where authenticator resides? i.e. users complain of overlapping notifications and unable to see number matching without leaving the app on that device that they are trying to login to.

By: Arian van der Pijl

Arian van der Pijl — Sun, 28 Nov 2021 11:53:58 +0000

In reply to Phillip L..

If you use the Azure AD MFA NPS plugin on-premise to secure for example the RDS Gateway of VMware Horizonservices there is no ‘gui’ to enter the response.
So somehow the ‘approve’ routine cannot (I guess it never will) be disabled for some MFA services.

By: Tony Redmond

Tony Redmond — Wed, 24 Nov 2021 11:52:59 +0000

In reply to Christopher Page.

You need to be licensed to use MFA. The Office 365 plans include basic MFA while you can pay more for extra functionality through Azure AD premium licenses. See https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-licensing.

By: Tony Redmond

Tony Redmond — Wed, 24 Nov 2021 09:35:40 +0000

In reply to Marty. One observation that I have is that the additional context only appears on phones running the Authenticator app. Because it's on a phone and the apps are very graphical, it seems to me that users will accept the context, especially as it is not very granular when it comes to precise locations!

By: Marty

Marty — Wed, 24 Nov 2021 07:23:45 +0000

Application context without location would be cool. We had a hard time to convince everybody to install authenticator on their private phones. If it shows their location, they will feel tracked

By: Christopher Page

Christopher Page — Tue, 23 Nov 2021 23:05:26 +0000

Hi Tony,
What licensing levels/options are needed to implement these settings?
Thank you,
Chris

By: Tony Redmond

Tony Redmond — Tue, 23 Nov 2021 09:16:57 +0000

In reply to Alex Christophe.

Hi Alex,

Of course, third party solutions are also available to help increase the security of Microsoft 365 tenants. However, it usually takes much longer than 30 minutes to organize the procurement of any third-partyy software. The point here is that you can put the Microsoft implementation of number matching and additional context into production within 30 minutes (and at no cost).