enable location rich context For MFA push notifications Archives - the Sysadmin Channel https://thesysadminchannel.com/tag/enable-location-rich-context-for-mfa-push-notifications/ Documenting My Life as a System Administrator Sun, 23 Jan 2022 07:07:44 +0000 en-US hourly 1 https://wordpress.org/?v=6.8.3 144174110 Enable Location Rich Context For MFA Push Notifications https://thesysadminchannel.com/enable-location-rich-context-for-mfa-push-notifications/ https://thesysadminchannel.com/enable-location-rich-context-for-mfa-push-notifications/#respond Sun, 23 Jan 2022 07:07:44 +0000 https://thesysadminchannel.com/?p=3786 Wow! I must say this is a preview that I’ve been waiting to go public for quite some time. Microsoft recently released a feature to show the application as well as the IP address location in your MFA push notifications.… Continue Reading

The post Enable Location Rich Context For MFA Push Notifications appeared first on the Sysadmin Channel.

]]> Wow! I must say this is a preview that I’ve been waiting to go public for quite some time. Microsoft recently released a feature to show the application as well as the IP address location in your MFA push notifications. This feature is more appropriately referred to as MFA additional context and it’s definitely a step in right direction for security and IT Professionals. This article will explain how to enable location rich context for MFA push notifications.

What is Additional Context

As mentioned, additional context allows the user to see what application triggered the MFA challenge and arguably more importantly, the location of the device that triggered it. So essentially, it will tell you what and where the MFA was triggered.
 

A lot of administrators have been requesting a feature like this to provide better security for their organization. Now, when users get MFA push notifications they can confirm that the location is not somewhere half way across the world.

What Are The Requirements To Enable This Feature

Before we get into the steps to enable this feature, let’s take a brief moment to discuss the requirements.

For starters:

  • A Global Administrator -or Authentication Policy Administrator are required to set the policies
  • MFA push notifications must be enabled and set as the default
    • Note: If the default authentication method is TOTP additional context won’t work

How To Enable Location Rich Context For MFA Push Notifications

In order to move forward with MFA location rich context, let’s take you step by step to enable this policy for all or a subset of users in your organization. This can be enabled via Graph Explorer, but we’ll cover the method for setting this up in the Azure Portal graphical user interface.

In the Azure Portal:

  • Navigate to Azure AD -> Security -> Authentication Methods
  • Select Microsoft Authenticator

Enable Microsoft Authenticator Policy
 

  • Under Enable: Click Yes to enable the policy
  • Under Target: Select your choice of All users -or Select users
  • Next to Registration, click the 3 ellipsis -> Configure

Microsoft Authenticator Settings
 

  • Authentication Method: set to Any
  • Require Number Matching: I recommend setting to enable
  • Show additional context in notifications: set to Enabled
  • Click Done

Configure Authentication Policies

Enable Location Rich Context For MFA Push Notifications

This is using additional context and number matching for added security.

Conclusion

So there you have it. We’ve gone over the steps to enable location rich context for MFA push notifications in your organization and hopefully it’s something you’ll be able to implement fairly soon. It’s great step for security and personally I think it’s great for users as well.
 

If you enjoyed this and want to see more like it, be sure to check out our Azure posts for more useful content.

The post Enable Location Rich Context For MFA Push Notifications appeared first on the Sysadmin Channel.

]]> https://thesysadminchannel.com/enable-location-rich-context-for-mfa-push-notifications/feed/ 0 3786