skip to Main Content

Prevent MFA fatigue attacks in organization

Many MFA fatigue attacks happen worldwide, and it’s the news everywhere. Organizations are scared that users give access to attackers when they get an MFA request notification and press approve by accident. So how to prevent MFA fatigue attacks? In this article, you will learn how to protect the organization from MFA fatigue attacks.

MFA fatigue attacks

MFA fatigue attacks, also known as MFA bombing, is a strategy used by hackers to get around Multi-Factor Authentication when breaking into user accounts.

Hackers use stolen, leaked, or guessed credentials for their login attempt, and the account owner is continuously bombarded with prompts asking them to verify their identity. This barrage continues until they slip up, are worn down psychologically, or the attacker moves on.

Read more on how to protect the organization from using leaked/breached passwords:

How to prevent MFA fatigue attacks

Protect the organization from MFA fatigue attacks and enable the below Microsoft Authenticator features in Azure AD:

1. Enable Azure MFA number matching

Read more in the article Enable Azure MFA number matching.

Require number matching for push notifications is a feature in Azure AD. It presents users with a number when they respond to an MFA push notification using the Authenticator app. They need to type that number into the app to complete the approval.

Note: Microsoft will enable Azure MFA number matching by default for all tenants from February 27, 2023.

The below screen shows how it looks in the Microsoft Authenticator app for the user.

MFA fatigue attacks number matching

2. Enable Azure MFA application name

Read more in the article Enable Azure MFA application name.

Show application name in push and passwordless notifications is a feature in Azure AD. When a user receives a passwordless phone sign-in or MFA push notification in Microsoft Authenticator, they’ll see the name of the application that requests the approval where the sign-in originated from.

The below screen shows how it looks in the Microsoft Authenticator app for the user.

MFA fatigue attacks application name

3. Enable Azure MFA geographic location

Read more in the article Enable Azure MFA geographic location.

Show geographic location in push and passwordless notifications is a feature in Azure AD. When a user receives a passwordless phone sign-in or MFA push notification in Microsoft Authenticator, they’ll see the geographic location based on the IP address that requests the approval where the sign-in originated from.

The below screen shows how it looks in the Microsoft Authenticator app for the user.

MFA fatigue attacks geographic location

That’s it!

Read more: Add tag to external emails in Microsoft 365 for extra security »

Conclusion

You learned how to prevent MFA fatigue attacks. Improve MFA security by enabling all these features. It’s a straightforward process that helps security tremendously in the organization. Don’t wait, and do it now!

Did you enjoy this article? You may also like Export disabled users from Active Directory. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *