articles/active-directory/authentication/howto-mfa-mfasettings.md
Lines changed: 8 additions & 15 deletions
@@ -26,7 +26,7 @@ The following Azure AD Multi-Factor Authentication settings are available in the
26
26
| ------- | ----------- |
27
27
|[Account lockout](#account-lockout)| Temporarily lock accounts from using Azure AD Multi-Factor Authentication if there are too many denied authentication attempts in a row. This feature applies only to users who enter a PIN to authenticate. (MFA Server only) |
28
28
|[Block/unblock users](#block-and-unblock-users)| Block specific users from being able to receive Azure AD Multi-Factor Authentication requests. Any authentication attempts for blocked users are automatically denied. Users remain blocked for 90 days from the time that they're blocked or until they're manually unblocked. |
29
-
|[Fraud alert](#fraud-alert)| Configure settings that allow users to report fraudulent verification requests. |
29
+
|[Report suspicious activity](#report-suspicious-activity)| Configure settings that allow users to report fraudulent verification requests. |
30
30
|[Notifications](#notifications)| Enable notifications of events from MFA Server. |
31
31
|[OATH tokens](concept-authentication-oath-tokens.md)| Used in cloud-based Azure AD Multi-Factor Authentication environments to manage OATH tokens for users. |
32
32
|[Phone call settings](#phone-call-settings)| Configure settings related to phone calls and greetings for cloud and on-premises environments. |
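Review bot: The table row now links to `#report-suspicious-activity`, and the `## Fraud alert` heading is renamed in the next hunk, so the `#fraud-alert` anchor no longer exists in this article. Inbound links from other articles or bookmarks that target `howto-mfa-mfasettings.md#fraud-alert` will land at the top of the page instead of the section. Search the repo for `#fraud-alert` references and update them in the same change. The row description could also say that the feature is in preview and feeds Identity Protection, since that is the substantive change an administrator scanning this table needs to see.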
@@ -76,24 +76,17 @@ To unblock a user, complete the following steps:
76
76
1. Enter a comment in the **Reason for unblocking** box.
77
77
1. Select **OK** to unblock the user.
78
78
79
-
## Fraud alert
79
+
## Report suspicious activity
80
80
81
-
The fraud alert feature lets users report fraudulent attempts to access their resources. When an unknown and suspicious MFA prompt is received, users can report the fraud attempt by using the Microsoft Authenticator app or through their phone.
81
+
A preview of **Report Suspicious Activity**, the updated MFA **Fraud Alert** feature, is now available. When an unknown and suspicious MFA prompt is received, users can report the fraud attempt by using Microsoft Authenticator or through their phone. These alerts are integrated with [Identity Protection](/azure/active-directory/identity-protection/overview-identity-protection) for more comprehensive coverage and capability.
82
82
83
-
The following fraud alert configuration options are available:
83
+
Users who report an MFA prompt as suspicious are set to **High User Risk**. Administrators can use risk-based policies to limit access for these users, or enable self-service password reset (SSPR) for users to remediate problems on their own. If you previously used the **Fraud Alert** automatic blocking feature and don't have an Azure AD P2 license for risk-based policies, you can use risk detection events to identify and disable impacted users and automatically prevent their sign-in. For more information about using risk-based policies, see [Risk-based access policies](https://learn.microsoft.com/azure/active-directory/identity-protection/concept-identity-protection-policies).
84
84
85
-
***Automatically block users who report fraud**. If a user reports fraud, the Azure AD Multi-Factor Authentication attempts for the user account are blocked for 90 days or until an administrator unblocks the account. An administrator can review sign-ins by using the sign-in report, and take appropriate action to prevent future fraud. An administrator can then [unblock](#unblock-a-user) the user's account.
86
-
***Code to report fraud during initial greeting**. When users receive a phone call to perform multi-factor authentication, they normally press **#** to confirm their sign-in. To report fraud, the user enters a code before pressing **#**. This code is **0** by default, but you can customize it. If automatic blocking is enabled, after the user presses **0#** to report fraud, they need to press **1** to confirm the account blocking.
85
+
To enable **Report Suspicious Activity** from the Authentication Methods Settings:
87
86
88
-
> [!NOTE]
89
-
> The default voice greetings from Microsoft instruct users to press **0#** to submit a fraud alert. If you want to use a code other than **0**, record and upload your own custom voice greetings with appropriate instructions for your users.
90
-
91
-
To enable and configure fraud alerts, complete the following steps:
92
-
93
-
1. Go to **Azure Active Directory** > **Security** > **Multifactor authentication** > **Fraud alert**.
94
-
1. Set **Allow users to submit fraud alerts** to **On**.
95
-
1. Configure the **Automatically block users who report fraud** or **Code to report fraud during initial greeting** setting as needed.
96
-
1. Select **Save**.
87
+
1. In the Azure portal, click **Azure AD** > **Security** > **Authentication Methods** > **Settings**.
88
+
1. Set **Report Suspicious Activity** to **Enabled**.
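Review bot: The added paragraph for tenants without an Azure AD P2 license says "you can use risk detection events to identify and disable impacted users and automatically prevent their sign-in" but gives no procedure or link, while the removed bullet it replaces documented the 90-day automatic block precisely. Administrators who relied on **Automatically block users who report fraud** need to know exactly what replaces it, so link to the risk detection guidance or describe the steps here. The new intro also keeps "or through their phone" while the hunk deletes the only explanation of how a phone report is made (the **0#** code and the custom-greeting note). Either state how phone reporting works under Report Suspicious Activity or drop the phrase. Smaller points: the two Identity Protection links mix a site-relative path (`/azure/active-directory/...`) with an absolute `https://learn.microsoft.com/...` URL, and step 1 uses "click" and "Azure AD" where the removed steps used "Go to" and "Azure Active Directory"; pick one form for each.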