After years of promoting MFA to block 99% of all cyber attacks (Multi-factor authentication blocks automated attacks – August 2019) Microsoft are currently working to suppress notifications. Why suppress MFA?
What is happening?
Microsoft are suppressing Authenticator Notifications from risky sources.
By intelligently identifying risky sources like unknown IP addresses, the system can effectively differentiate potentially malicious attempts from legitimate ones. This approach seeks to streamline the authentication process. It effectively ignores requests originating from unfamiliar locations, meaning less interuptions to you.
This suppression of notifications will apply to both Phone-Sign in and Multi-Factor Authentication (MFA) notifications.
When is it happening?
Roll out started in August, and is expected to complete by late September 2023. You may already have this functionality.
How this will affect your users?
This new functionality is being rolled out to users silently. It will only intervene in the authentication process when an Authenticator request originates from an unfamiliar location. Users will not be explicitly notified about this change or any suppression of notifications. The system will simply intervene when it detects a login attempt from an unrecognized or unfamiliar source.
End users probably wont notice any change, and nor should they.
Infact, the only way they will notice is when they try to sign in from what is considered a “Risky Location”. Instead of receiving a simple notification, they will be asked to go into the Microsoft Authenticator App to perform he nessesary steps to authenticate.
...but, Why suppress MFA?
All of this seeks to protect your end users, as we’ve seen many breached accounts that do have MFA enforced!
How? Well, on some occasions end users have become complaisant. They see a notification, and just allow it!, instead of questioning “Is this me trying to login?”.
This change means a threat actor or hacker who has purchased your end users stolen passwords has much less chance of being accidentally allowed into your system by your unsuspecting and complaisant victim.
Continuous Cyber Security Improvement
As part of our service ethos, CTO invests a great deal of time and effort striving for improvements to our own, and our customers’ IT systems.
We regularly analyse settings and functionality within existing services. This ensures Vendor level improvements, like the one discussed in this article, are considered for use across our customer base, and communicated effectvively. Similar vendor led improvements have seen early adoption such as our work in Microsoft 365 for the use of Multi-factor Authentication in 2019, and Security Defaults as standard in early 2020.
You can keep up with Microsoft changes and development for the M365 platform here at the Microsoft 365 roadmap.