Microsoft Authenticator Gets Number Matching and GPS Location Capabilities
Microsoft this week announced four new security features for the Microsoft Authenticator app that can be used for confirming mobile device user identities.
Two of the features are at the preview stage, while the other two are at the "general availability" (GA) commercial-release stage. The Microsoft Authenticator app is used to add two-factor identity verification to Android and iOS devices, such as requiring a password and a personal identification number (PIN) to gain access to apps and resources.
Number Matching and Additional Context Previews
A new number matching preview capability in Microsoft Authenticator prompts users to enter a number sent to them to verify their identities when attempting to sign into resources. This feature is described as reducing the possibility of "accidental approvals."
While the number matching feature is currently a preview to be tried, Microsoft intends to make it a default Microsoft Authenticator capability at some point after commercial release, per this Microsoft document:
Number matching is a key security upgrade to traditional second factor notifications in the Microsoft Authenticator app that will be enabled by default for all tenants a few months after general availability (GA). We highly recommend enabling number matching in the near-term for improved sign-in security.
A somewhat related new Microsoft Authenticator app feature, also at the preview stage, is an "additional context" capability. The additional context capability "will show users which application they are signing into and their sign-in location based on IP address," explained Alex Simons, corporate vice president of program management at the Microsoft Identity Division, in the announcement.
GPS Location and Registration Campaign GA
A Global Positioning System (GPS) location capability was added to Microsoft Authenticator at the GA commercial-release stage. The GPS capability permits IT pros to set policies that will restrict resource access based on country location. End users will need to verify their location "once every hour" to maintain access, per this Microsoft FAQ description.
Lastly, Microsoft released a feature for the Microsoft Authenticator app at the GA stage called "registration campaign." It's a way to prompt users to complete their Microsoft Authenticator setups.
"Using the Microsoft Authenticator Registration Campaign, you can now nudge your users to set up Authenticator and move away from less secure telephony methods," Simons indicated.
These new features add to others introduced this year. Microsoft released autofill capabilities for consumer users last month. In February, Microsoft added the ability to use Microsoft Authenticator as a password manager for mobile users, saving passwords automatically.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.