Skip to Content

MC468492: Authenticator number matching to be enabled for all Microsoft Authenticator users

Microsoft Authenticator App’s number matching is Generally Available! Microsoft will start enabling this critical security feature for all users of the Microsoft Authenticator app.

MC468492: Authenticator number matching to be enabled for all Microsoft Authenticator users

When this will happen

Beginning February 27, 2023

How this affects your organization

To prevent accidental approvals, admins can require users to enter a number displayed on the sign-in screen when approving an MFA request in the Microsoft Authenticator app. This feature is critical to protecting against MFA fatigue attacks which are on the rise.

Another way to reduce accidental approvals is to show users additional context in Authenticator notifications. Admins can now selectively choose to enable the following:

  • Application context: Show users which application they are signing into.
  • Geographic location context: Show users their sign-in location based on the IP address of the device they are signing into.

Number match behavior in different scenarios after 27-February 2023:

  1. Authentication flows will require users to do number match when using the Microsoft Authenticator app. If the user is using a version of the Authenticator app that doesn’t support number match, their authentication will fail. Please make sure upgrade to the latest version of Microsoft Authenticator (App Store and Google Play Store) to use it for sign-in.
  2. Self Service Password Reset (SSPR) and combined registration flows will also require number match when users are using the Microsoft Authenticator app.
  3. ADFS adapter will require number matching on versions of Windows Server that support number matching. On earlier versions, users will continue to see the “Approve/Deny” experience and won’t see number matching till you upgrade.
  • Windows Server 2022 October 26, 2021—KB5006745 (OS Build 20348.320)
  • Windows Server 2019 October 19, 2021—KB5006744 (OS Build 17763.2268)
  • Windows Server 2016 October 12, 2021—KB5006669 (OS Build 14393.4704)

NPS extension versions beginning 1.2.2131.2 will require users to do number matching after 27-February 2023. Because the NPS extension can’t show a number, the user will be asked to enter a One-Time Passcode (OTP). The user must have an OTP authentication method (e.g. Microsoft Authenticator app, software tokens etc.) registered to see this behavior. If the user doesn’t have an OTP method registered, they’ll continue to get the Approve/Deny experience. You can create a registry key that overrides this behavior and prompts users with Approve/Deny. More information can be found in the number matching documentation.

Apple Watch – Apple Watch will remain unsupported for number matching. We recommend you uninstall the Microsoft Authenticator Apple Watch app because you have to approve notifications on your phone.

What you can do to prepare

We highly recommend that you leverage the rollout controls (via Azure Portal Admin UX and MSGraph APIs) to smoothly deploy these features (number match and additional context) for users of the Microsoft Authenticator app.

Learn more at

Message ID: MC468492
Published: 2022-11-18
Updated: 2022-11-18
Product: Azure Active Directory, Graph API, SharePoint
Platform: Developer, World tenant

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.