MFA Number Matching Process

Following will explain the MFA Number Matching Process.


Why is this necessary?

Number matching prevents a multi-factor authentication (MFA) fatigue attack – This is a social engineering cyberattack strategy where attackers repeatedly push authentication requests to the target victim’s registered devices. The goal is to coerce the victim into confirming their identity via notification, thus authenticating the attackers attempt at entering their account or device.

If you would like a bit information on why Microsoft are doing this please see Defend your users from MFA fatigue attacks - Microsoft Community Hub.


Who/When will it affect me?

WHO: For those SCU staff and students who have set their default authentication method as Microsoft Authenticator App on their phone.

WHEN: Next time a new token (new authorized device/browser) is required rather then getting the Approve button you'll get


What Will Happen

Step 1: Upon signing in to a Microsoft Service (OneDrive, Email, CRM), you will receive the prompt shown below to 'Approve sign in request' which will display a number

Step 2: Open the Microsoft Authenticator App on your phone and type in the number provided on the sign-in page - You will have 60 seconds before this times out

Important Note: The location shown in the map may not always match as it is the location of your Internet Service Provider, not your phone.

Example: The image shown below is taken from a staff member attempting to sign in to email while in Lismore. The location is shown as 'Sydney' as that is the location of the Staff's Internet Service Provider. This is expected behaviour as the service providers end point may be in a location that is not where you are presently