Merge pull request #227587 from Justinha/number-match-date

prmerger-automator[bot] · web-flow · commit 37b8b129ac80 · 2023-02-16T15:22:24.000Z
addressed issues
diff --git a/articles/active-directory/authentication/how-to-mfa-number-match.md b/articles/active-directory/authentication/how-to-mfa-number-match.md
@@ -4,7 +4,7 @@ description: Learn how to use number matching in MFA notifications
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 02/15/2023
+ms.date: 02/16/2023
 ms.author: justinha
 author: justinha
 ms.collection: M365-identity-device-management
@@ -87,12 +87,12 @@ Prior to the release of NPS extension version 1.2.2216.1 after May 8, 2023, orga
 >[!NOTE] 
 >NPS extensions versions earlier than 1.0.1.40 don't support OTP enforced by number matching. These versions will continue to present users with **Approve**/**Deny**.
 
-To create the registry key to override the **Approve**/**Deny** options in push notifications and require an OTP instead:
+To create the registry entry to override the **Approve**/**Deny** options in push notifications and require an OTP instead:
 
 1. On the NPS Server, open the Registry Editor.
 1. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa.
-1. Set the following Key Value Pair:
-   Key: OVERRIDE_NUMBER_MATCHING_WITH_OTP
+1. Create the following String/Value pair:
+   Name: OVERRIDE_NUMBER_MATCHING_WITH_OTP
    Value = TRUE
 1. Restart the NPS Service. 
 
@@ -330,12 +330,12 @@ Here are differences in sign-in scenarios that Microsoft Authenticator users wil
 - AD FS adapter will require number matching on [supported versions of Windows Server](#ad-fs-adapter). On earlier versions, users will continue to see the **Approve**/**Deny** experience and won’t see number matching until you upgrade. 
 - NPS extension versions beginning 1.2.2131.2 will require users to do number matching. Because the NPS extension can’t show a number, the user will be asked to enter a One-Time Passcode (OTP). The user must have an OTP authentication method such as Microsoft Authenticator or software OATH tokens registered to see this behavior. If the user doesn’t have an OTP method registered, they’ll continue to get the **Approve**/**Deny** experience.  
  
-  To create a registry key that overrides this behavior and prompts users with **Approve**/**Deny**: 
+  To create a registry entry that overrides this behavior and prompts users with **Approve**/**Deny**: 
 
   1. On the NPS Server, open the Registry Editor.
   1. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa.
-  1. Set the following Key Value Pair:
-     Key: OVERRIDE_NUMBER_MATCHING_WITH_OTP
+  1. Create the following String/Value:
+     Name: OVERRIDE_NUMBER_MATCHING_WITH_OTP
      Value = FALSE
   1. Restart the NPS Service. 
 
@@ -376,6 +376,16 @@ If a user is running an older version of Microsoft Authenticator that doesn't su
 
 Older versions of Microsoft Authenticator prompt users to tap and select a number rather than enter the number in Microsoft Authenticator. These authentications won't fail, but Microsoft highly recommends that users upgrade to the latest version of Microsoft Authenticator if they use Android versions prior to 6.2108.5654, or iOS versions prior to 6.5.82, so they can use number match.
 
+Minimum Microsoft Authenticator version supporting number matching:
+
+- Android: 6.2006.4198
+- iOS: 6.4.12
+
+Minimum Microsoft Authenticator version for number matching which prompts to enter a number:
+
+- Android 6.2111.7701
+- iOS 6.5.85
+
 ## Next steps
 
 [Authentication methods in Azure Active Directory](concept-authentication-authenticator-app.md)
