Ability to show the two step verification code when logging in

James Blackwell 1 Reputation point
2022-01-07T22:29:50.093+00:00

I originally posted this here, but that area has since been archived, so reposting here:

I've configured my personal Hotmail account to use MFA and when signing in, it shows me a unique code on the screen and also displays this SAME code in my MFA app on my phone (iPhone, fwiw). I like this approach, because it lets me visually validate the request I'm attempting to log into is the same one I'm approving via the MFA app on my phone.

Is there a way to configure my Azure/O365 environment (E5) to do this as well? Currently, it just pops up on my phone and doesn't really identify where it's coming from, so I technically have no idea if it's someone else, or me, if that makes sense.

Thank you,

-jb

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,315 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. JamesTran-MSFT 36,596 Reputation points Microsoft Employee
    2022-01-08T01:03:34.857+00:00

    @James Blackwell
    Thank you for your post!

    If you don't have an Azure AD P1 license, you can definitely leverage security defaults within Azure Active Directory to enable MFA, this'll take you through a similar process as your Hotmail account. Security defaults is a set of basic identity security mechanisms recommended by Microsoft. To set up authentication with an Authenticator app, you can Set up the Microsoft Authenticator app from the Security info page, or leverage your own 3rd party authenticator app.
    163219-image.png

    If you have an Azure AD Premium P1 license, you can also leverage Conditional Access Policies to enable MFA within your Azure tenant. Customers with Microsoft 365 Business Premium licenses also have access to Conditional Access features.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


  2. JamesTran-MSFT 36,596 Reputation points Microsoft Employee
    2022-01-28T22:02:05.787+00:00

    @James Blackwell
    Thank you for following up on this!

    When it comes to the "tap the number" functionality, this is called Number matching and is a key security upgrade to traditional second factor notifications in the Microsoft Authenticator app that will be enabled by default for all tenants a few months after general availability (GA). For more info on how to enable Number matching.

    169532-image.png

    You can also improve the security of user sign-in by adding app location, based on IP address in Microsoft Authenticator push notifications. For more info.
    169533-image.png

    Additional Links:
    New Microsoft Authenticator security features are now available
    How to use Microsoft managed settings - Authentication Methods Policy

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.