How to prevent MFA number matching prompts from blocked locations when using passwordless authentication?

Kiril 96 Reputation points
2023-01-27T08:39:42.8833333+00:00

We have enabled passwordless authentication in our tenant, using the Microsoft Authenticator app. When users sign in, they only need to enter the double-digit number on their phone for number matching. We have also excluded all locations in a Conditional Access policy except for one country. Our users still get number matching prompts from countries other than the whitelisted one (basically from all over the world). I assume the CA policy about location whitelisting is applied after a user successfully signs in, but this is still irritating to the user.

Is it possible to prevent those malicious login attempts from blacklisted locations?

Microsoft Entra ID

Accepted answer
  1. Andy David - MVP 138.6K Reputation points MVP
    2023-01-27T12:38:56.32+00:00

    This is a really good question and request. I don't think you can at this point:

    https://learn.microsoft.com/en-us/power-platform/admin/restrict-access-online-trusted-ip-rules#additional-security-considerations

    Might be worth providing this as an idea here:

    https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789

    1 person found this answer helpful.
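
An added example, not part of the original thread and not Microsoft's code: the prompts described in the question come from sign-in attempts outside the allowed country, so exported sign-in records can be summarised per user to show who is being targeted and whether the attempts arrive in bursts. The field names follow the Microsoft Graph signIn resource; the records, the allowed country, the non-zero error code and the burst threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ALLOWED = {"DE"}  # assumption: the single whitelisted country (constructed value)

def _rec(upn, ts, ip, country, code):
    # Builds a record shaped like a Graph signIn entry; errorCode 0 means success.
    return {"userPrincipalName": upn, "createdDateTime": ts, "ipAddress": ip,
            "location": {"countryOrRegion": country}, "status": {"errorCode": code}}

SAMPLE = [  # constructed sample data; errorCode 1 is a placeholder for "not completed"
    _rec("kim@contoso.example", "2023-01-27T08:01:00Z", "198.51.100.7", "BR", 1),
    _rec("kim@contoso.example", "2023-01-27T08:05:00Z", "203.0.113.9", "VN", 1),
    _rec("kim@contoso.example", "2023-01-27T08:20:00Z", "198.51.100.7", "BR", 1),
    _rec("kim@contoso.example", "2023-01-27T08:30:00Z", "192.0.2.10", "DE", 0),
    _rec("lee@contoso.example", "2023-01-27T09:00:00Z", "203.0.113.50", "US", 1),
    _rec("lee@contoso.example", "2023-01-27T15:00:00Z", "203.0.113.51", None, 1),
]

def foreign_attempts(signins, allowed=ALLOWED, window=timedelta(hours=1), burst=3):
    """Summarise sign-in attempts from outside `allowed`, per user."""
    by_user = defaultdict(list)
    for r in signins:
        # A missing location is treated as outside the allowlist, not ignored.
        country = (r.get("location") or {}).get("countryOrRegion") or "unknown"
        if country in allowed:
            continue
        ts = datetime.fromisoformat(r["createdDateTime"].replace("Z", "+00:00"))
        ok = (r.get("status") or {}).get("errorCode") == 0
        by_user[r["userPrincipalName"]].append((ts, country, r.get("ipAddress"), ok))
    report = {}
    for upn, events in by_user.items():
        times = sorted(e[0] for e in events)
        peak, start = 0, 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        report[upn] = {
            "attempts": len(events),
            "countries": sorted({e[1] for e in events}),
            "ips": sorted({e[2] for e in events if e[2]}),
            "burst": peak >= burst,  # many prompts close together
            # Completed sign-ins from outside the allowlist mean the policy did not block.
            "completed": sum(e[3] for e in events),
        }
    return report
```

A non-zero `completed` count is the case to escalate first, because it means a sign-in from outside the allowed country went through.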
