Microsoft Authenticator needs to display the machine / device name, application and location
When Microsoft Authenticator pops up on your phone there is no indication of what device is requesting the authentication. It would be much better if the machine or device name, application and location were shown so that you know you are verifying a request that you have made.
Interestingly, on my private account, I get a number to approve (number on the display has to be clicked on my phone)... that's already much better than randomly approving requests on my business account. How should that increase security if a user gets several requests (Teams, Outlook, OneDrive...) without knowing where they come from? In my opinion that's annoying for any user and in the end a vulnerability because the user learns to approve requests without reviewing them.
Ridiculous. I have some device/app that seems to want to reauthenticate when I change networks, e.g. travel from home to office. It happens while devices are still in my bag and I'm not actively using them. Amazon can do it by texting details and a link. I understand geolocation of request is rubbery, but surely you could give SOME detail of what the request is...
It's ridiculous that this is supported for the consumer/MSA authentication (displays a unique code on both devices), but not for the enterprise accounts. I'll get random MFA prompts when I'm away from my computer that turned out to be from one of the browser tabs I had open, but with no way of knowing where the request originated. If users are trained to just click "approve" then it defeats the whole purpose of MFA.
Esmond Kane commented
There's a similar request in the Azure feedback forum here:
Would be great to see what device is requesting the authentication. This is very important! Thanks.
I like this idea but if it's too hard to implement then how about a prompt on the computer it is being requested from and it requests a user to click send before it is pushed to the phone (Like Duo Security). That way at least the user is expecting the prompt.
Nauman Mazhar commented
Microsoft Authenticator needs some basic enhancements to include the requestor's OS name, Location/Country, IP Address, Web Browser, etc. to help users identify if the request is genuine or from phishing links they have clicked. Google, Yahoo, Duo and other authenticator providers already educate users with this information during the approval process. Enterprises urgently need this feature to educate end users before approval.
Andy Wallace commented
I completely agree... Authentication should be smart and if multiple applications are requesting it, then it should be clear which one each SMS refers to. Right now you can get multiple SMSs and perhaps only one request popping up on screen... very frustrating.