Starting on February 27, 2023 Microsoft is enhancing the security of their Authenticator app by implementing ‘number matching’. According to Microsoft, “Number matching is a key security upgrade to traditional second factor notifications in Microsoft Authenticator. We will remove the admin controls and enforce the number match experience tenant-wide for all users starting February 27, 2023. We highly recommend enabling number matching in the near term for improved sign-in security.”

When a user responds to an MFA push notification using the Authenticator app, they’ll be presented with a number. They need to type that number into the app to complete the approval.

Number matching is available for the following scenarios. When enabled, all scenarios support number matching.

  • Multifactor authentication (MFA)
  • Self-service password reset (SSPR)
  • Combined SSPR and MFA registration during Authenticator app set up
  • AD FS adapter
  • Network Policy Server (NPS)

NOTE: Number matching IS NOT supported for Apple Watch notifications. Apple Watch users need to use their phone to approve notifications when number matching is enabled. Therefore, it is recommended that you delete Microsoft Authenticator from your Apple Watch and sign in with Microsoft Authenticator on another device.

For more information or if you are needing assistance with your Microsoft Authenticator App, please contact the Epsilon Solution Center at 828.398.5416.