Microsoft Authenticator: Display Location During Login Attempts [CHK-1153]
This check verifies if Microsoft Authenticator is set to display the location during a login attempt.
Rationale
Enabling location display during login attempts allows employees to identify and reject fraudulent login attempts more effectively.
Fix
An automated fix is available through Attic.
Manual steps:
- Navigate to Entra ID portal at https://entra.microsoft.com
- Go to Authentication methods
- Click on "Policies"
- Click on "Microsoft Authenticator"
- Under "Configure", expand "Show geographic location in push and passwordless notifications"
- Set this option to "Enabled"
- Click "Save"
Impact
Once the fix is implemented, the location of a sign-in attempt will be shown in the Microsoft Authenticator Multi-Factor Authentication (MFA) prompt, enhancing security by providing additional context for login attempts.
More Information
- Example of context info
- Example in case number matching is enabled
- CHK-1142 - Verifies whether the app name of a login attempt is also displayed.
