
Push Notifications via Microsoft Authenticator Check [CHK-1140]

This check verifies whether push notifications via Microsoft Authenticator are enabled for two-factor authentication.

Rationale

Two-factor authentication provides extra protection against leaked passwords. Microsoft Authenticator is a secure and user-friendly way to activate this feature. During a login attempt, the user will receive an additional verification notification on their mobile device to approve the attempt.

Fix

An automated fix is available through Attic.

Manual steps:

  1. Navigate to the Entra ID portal at https://entra.microsoft.com.
  2. Go to Authentication methods.
  3. Click on "Policies".
  4. Click on "Microsoft Authenticator".
  5. Set "Enable" to "Yes".
  6. Under "Target", select "All users".
  7. Under "Configure", ensure "Allow use of Microsoft Authenticator OTP" is set to "Enabled".
  8. Set "Require number matching" to "Enabled" for additional security.
  9. Click "Save".
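
To confirm the result of the manual steps, the saved policy can be audited from an exported copy. The following is an added example, not Attic's own check: the sample policy is constructed, and the field names are assumed to follow Microsoft Graph's Microsoft Authenticator authentication method configuration.

```python
import json

# Constructed sample. Field names are assumed to follow Microsoft Graph's
# Microsoft Authenticator authentication method configuration.
SAMPLE_POLICY = json.loads("""
{
  "id": "MicrosoftAuthenticator",
  "state": "enabled",
  "isSoftwareOathEnabled": true,
  "includeTargets": [
    {"targetType": "group", "id": "all_users", "authenticationMode": "any"}
  ],
  "excludeTargets": [],
  "featureSettings": {"numberMatchingRequiredState": {"state": "enabled"}}
}
""")


def audit_authenticator_policy(policy):
    """Return findings; an empty list means the policy matches the manual steps."""
    findings = []
    # Step 5: the method itself must be switched on.
    if policy.get("state") != "enabled":
        findings.append("method not enabled")
    # Step 6: the include target must be the built-in "All users" group,
    # and its mode must permit push ("any" or "push").
    all_users = [t for t in policy.get("includeTargets") or []
                 if t.get("id") == "all_users"]
    if not all_users:
        findings.append("target is not All users")
    elif not any(t.get("authenticationMode") in ("any", "push") for t in all_users):
        findings.append("push notifications not allowed for All users")
    # Excluded groups silently shrink an "All users" target.
    if policy.get("excludeTargets"):
        findings.append("exclusions present")
    # Step 7: Authenticator OTP allowed.
    if policy.get("isSoftwareOathEnabled") is not True:
        findings.append("Authenticator OTP not allowed")
    # Step 8: number matching required.
    settings = policy.get("featureSettings") or {}
    matching = settings.get("numberMatchingRequiredState") or {}
    if matching.get("state") != "enabled":
        findings.append("number matching not required")
    return findings


if __name__ == "__main__":
    print(audit_authenticator_policy(SAMPLE_POLICY) or "policy matches the manual steps")
```
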

Impact

We advise making Microsoft Authenticator available for all employees, which results in push notifications via Microsoft Authenticator when they sign in.

More Information

For more information, visit Microsoft Authenticator.