8 comments

Add a comment…

Sign in

prestine

Your name

Your email address

(thinking…)

Password

Sign in with: Facebook Google

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

Post comment Submitting...

• AOEH commented  ·  January 7, 2021 12:42 AM  ·  Flag as inappropriateFlag as inappropriate  ·  Edit…  ·  Delete…

  Interestingly, on my private account, I get a number to approve (number on the display has to be clicked on my phone)... that's already much better as randomly approve requests on my business account. How should that increase security if a user gets several requests (Teams, Outlook, OneDrive...) without knowing from where they come from? In my opinion that's annoying for any user and in the end a vulnerability because the user learns to approve requests without reviewing it.

  Save Submitting...
• Anonymous commented  ·  December 17, 2020 2:45 PM  ·  Flag as inappropriateFlag as inappropriate  ·  Edit…  ·  Delete…

  Ridiculous. I have some device/app that seems to want to reauthenticate when I change networks, e.g. travel from home to office. It happens while devices are still in my bag and I'm not actively using them. Amazon can do it by txting details and a link. I understand geolocation of request is rubbery, but surely you could give SOME detail of what the request is...

  Save Submitting...
• Anonymous commented  ·  November 29, 2020 11:40 AM  ·  Flag as inappropriateFlag as inappropriate  ·  Edit…  ·  Delete…

  It's ridiculous that this is supported for the consumer/MSA authentication (displays a unique code on both devices), but not for the enterprise accounts. I'll get random MFA prompts when I'm away from my computer that turned out to be from one of the browser tabs I had open, but with no way of knowing where the request originated. If users are trained to just click "approve" then it defeats the whole purpose of MFA.

  Save Submitting...
• Esmond Kane commented  ·  September 18, 2020 12:17 PM  ·  Flag as inappropriateFlag as inappropriate  ·  Edit…  ·  Delete…

  Theres a similar request in the Azure feedback forum here:

  https://feedback.azure.com/forums/34192--general-feedback/suggestions/39387022-get-more-information-in-microsoft-authenticator-no

  Save Submitting...
• Stefano commented  ·  August 27, 2020 11:55 PM  ·  Flag as inappropriateFlag as inappropriate  ·  Edit…  ·  Delete…

  Would be great to see what device is requesting the authentication. This is very important! Thanks.

  Save Submitting...
• Anonymous commented  ·  August 17, 2020 3:35 PM  ·  Flag as inappropriateFlag as inappropriate  ·  Edit…  ·  Delete…

  I like this idea but if it's too hard to implement then how about a prompt on the computer it is being requested from and it requests a user to click send before it is pushed to the phone (Like Duo Security). That way at least the user is expecting the prompt.

  Save Submitting...
• Nauman Mazhar commented  ·  July 9, 2020 6:51 AM  ·  Flag as inappropriateFlag as inappropriate  ·  Edit…  ·  Delete…

  Microsoft Authenticator needs some basic enhancements to include requestor's OS name, Location/Country, IP Address, Web Browser, etc to help users to identify if the request is genuine or from phishing links they have clicked. Google, Yahoo, Duo and other authenticator providers already educate users with this information during approval process. Enterprises urgently need this feature to educate end users before approval.

  Save Submitting...
• Andy Wallace commented  ·  April 30, 2020 11:11 PM  ·  Flag as inappropriateFlag as inappropriate  ·  Edit…  ·  Delete…

  I completely agree.... Authentication should be smart and if multiple applications are requesting it, then it should be clear which one each SMS refers too. Right now you can get multiple SMS's and perhaps only one request popping up on screen....very frustrating.

  Save Submitting...