You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/authentication/how-to-mfa-additional-context.md
+13-6Lines changed: 13 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ description: Learn how to use additional context in MFA notifications
4
4
ms.service: active-directory
5
5
ms.subservice: authentication
6
6
ms.topic: conceptual
7
-
ms.date: 07/22/2022
7
+
ms.date: 08/01/2022
8
8
ms.author: justinha
9
9
author: mjsantani
10
10
ms.collection: M365-identity-device-management
@@ -24,7 +24,7 @@ Your organization will need to enable Microsoft Authenticator push notifications
24
24
25
25
## Passwordless phone sign-in and multifactor authentication
26
26
27
-
When a user receives a Passwordless phone sign-in or MFA push notification in the Authenticator app, they'll see the name of the application that requests the approval and the location based on the IP address where the sign-in originated from.
27
+
When a user receives a passwordless phone sign-in or MFA push notification in the Authenticator app, they'll see the name of the application that requests the approval and the location based on the IP address where the sign-in originated from.
28
28
29
29
:::image type="content" border="false" source="./media/howto-authentication-passwordless-phone/location.png" alt-text="Screenshot of additional context in the MFA push notification.":::
30
30
@@ -34,16 +34,23 @@ The additional context can be combined with [number matching](how-to-mfa-number-
34
34
35
35
## Enable additional context
36
36
37
-
To enable additional context, complete the following steps:
37
+
To enable application name or geographic location, complete the following steps:
38
38
39
39
1. In the Azure AD portal, click **Security** > **Authentication methods** > **Microsoft Authenticator**.
40
-
1. On the **Basics** tab, click **Yes** and **All users** to enable the policy for everyone, and change **Authentication mode** to **Any**. Only users who are enabled for Microsoft Authenticator will see additional context. Anyone who isn't enabled for Microsoft Authenticator is unaffected.
40
+
1. On the **Basics** tab, click **Yes** and **All users** to enable the policy for everyone, and change **Authentication mode** to **Any**.
41
+
42
+
Only users who are enabled for Microsoft Authenticator here can be included in the policy to show the application name or geographic location of the sign-in, or excluded from it. Users who aren't enabled for Microsoft Authenticator can't see them.
41
43
42
44
:::image type="content" border="true" source="./media/how-to-mfa-additional-context/enable-settings-additional-context.png" alt-text="Screenshot of how to enable Microsoft Authenticator settings for Any authentication mode.":::
43
45
44
-
1. On the **Configure** tab, for **Show application name in push and passwordless notifications (Preview)** and **Show geographic location in push and passwordless notifications (Preview)**, change **Status** to **Enabled**, choose who to include or exclude from the policy, and click **Save**.
46
+
1. On the **Configure** tab, for **Show application name in push and passwordless notifications (Preview)**, change **Status** to **Enabled**, choose who to include or exclude from the policy, and click **Save**.
47
+
48
+
:::image type="content" border="true" source="./media/how-to-mfa-additional-context/enable-app-name.png" alt-text="Screenshot of how to enable additional context.":::
49
+
50
+
Then do the same for **Show geographic location in push and passwordless notifications (Preview)**.
51
+
52
+
:::image type="content" border="true" source="./media/how-to-mfa-additional-context/enable-geolocation.png" alt-text="Screenshot of how to enable additional context.":::
45
53
46
-
:::image type="content" border="true" source="./media/how-to-mfa-additional-context/additional-context.png" alt-text="Screenshot of how to enable additional context.":::
Copy file name to clipboardExpand all lines: articles/active-directory/authentication/how-to-mfa-number-match.md
+4-2Lines changed: 4 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ description: Learn how to use number matching in MFA notifications
4
4
ms.service: active-directory
5
5
ms.subservice: authentication
6
6
ms.topic: conceptual
7
-
ms.date: 07/22/2022
7
+
ms.date: 08/01/2022
8
8
ms.author: justinha
9
9
author: mjsantani
10
10
ms.collection: M365-identity-device-management
@@ -89,7 +89,9 @@ To create the registry key that overrides push notifications:
89
89
To enable number matching, complete the following steps:
90
90
91
91
1. In the Azure AD portal, click **Security** > **Authentication methods** > **Microsoft Authenticator**.
92
-
1. On the **Basics** tab, click **Yes** and **All users** to enable the policy for everyone, and change **Authentication mode** to **Push**. Only users who are enabled for Microsoft Authenticator will see number matching. Anyone who isn't enabled for Microsoft Authenticator is unaffected.
92
+
1. On the **Basics** tab, click **Yes** and **All users** to enable the policy for everyone, and change **Authentication mode** to **Push**.
93
+
94
+
Only users who are enabled for Microsoft Authenticator here can be included in the policy to require number matching for sign-in, or excluded from it. Users who aren't enabled for Microsoft Authenticator can't see a number match.
93
95
94
96
:::image type="content" border="true" source="./media/how-to-mfa-number-match/enable-settings-number-match.png" alt-text="Screenshot of how to enable Microsoft Authenticator settings for Push authentication mode.":::
0 commit comments