Merge pull request #192178 from Justinha/match

revisions

Author: PRMerger14

articles/active-directory/authentication/how-to-mfa-additional-context.md

@@ -1,17 +1,17 @@
 ---
-title: Use additional context in multifactor authentication (MFA) notifications (Preview) - Azure Active Directory
+title: Use additional context in Microsoft Authenticator notifications (Preview) - Azure Active Directory
 description: Learn how to use additional context in MFA notifications
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 02/11/2022
+ms.date: 03/18/2022
 ms.author: justinha
 author: mjsantani
 ms.collection: M365-identity-device-management
 
 # Customer intent: As an identity administrator, I want to encourage users to use the Microsoft Authenticator app in Azure AD to improve and secure user sign-in events.
 ---
-# How to use additional context in multifactor authentication (MFA) notifications (Preview) - Authentication Methods Policy
+# How to use additional context in Microsoft Authenticator notifications (Preview) - Authentication Methods Policy
 
 This topic covers how to improve the security of user sign-in by adding application location based on IP address in Microsoft Authenticator push notifications.  
 
@@ -34,6 +34,9 @@ The additional context can be combined with [number matching](how-to-mfa-number-
 
 ### Policy schema changes 
 
+>[!NOTE]
+>In Graph Explorer, ensure you've consented to the **Policy.Read.All** and **Policy.ReadWrite.AuthenticationMethod** permissions. 
+
 Identify a single target group for the schema configuration. Then use the following API endpoint to change the displayAppInformationRequiredState property to **enabled**:
 
 https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMethodConfigurations/MicrosoftAuthenticator

articles/active-directory/authentication/how-to-mfa-number-match.md

@@ -4,7 +4,7 @@ description: Learn how to use number matching in MFA notifications
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 02/28/2022
+ms.date: 03/18/2022
 ms.author: justinha
 author: mjsantani
 ms.collection: M365-identity-device-management
@@ -38,7 +38,7 @@ Number matching is available for the following scenarios. When enabled, all scen
 - [NPS extension](howto-mfa-nps-extension.md)
 
 >[!NOTE]
->For passwordless users, enabling number matching has no impact because it's already part of the passwordless experience. 
+>For passwordless users, enabling or disabling number matching has no impact because it's already part of the passwordless experience. 
 
 ### Multifactor authentication
 
@@ -126,7 +126,7 @@ You will need to change the **numberMatchingRequiredState** from **default** to
 Note that the value of Authentication Mode can be either **any** or **push**, depending on whether or not you also want to enable passwordless phone sign-in. In these examples, we will use **any**, but if you do not want to allow passwordless, use **push**. 
 
 >[!NOTE]
->For passwordless users, enabling number matching has no impact because it's already part of the passwordless experience. 
+>For passwordless users, enabling or disabling number matching has no impact because it's already part of the passwordless experience. 
 
 You might need to patch the entire includeTarget to prevent overwriting any previous configuration. In that case, do a GET first, update only the relevant fields, and then PATCH. The following example only shows the update to the **numberMatchingRequiredState**.