Prevent MFA fatigue attacks in organization

Many MFA fatigue attacks happen worldwide, and it’s the news everywhere. Organizations are scared that users give access to attackers when they get an MFA request notification and press approve by accident. So how to prevent MFA fatigue attacks? In this article, you will learn how to protect the organization from MFA fatigue attacks.

MFA fatigue attacks

MFA fatigue attacks, also known as MFA bombing, is a strategy used by hackers to get around Multi-Factor Authentication when breaking into user accounts.

Hackers use stolen, leaked, or guessed credentials for their login attempt, and the account owner is continuously bombarded with prompts asking them to verify their identity. This barrage continues until they slip up, are worn down psychologically, or the attacker moves on.

Read more on how to protect the organization from using leaked/breached passwords:

• Secure Active Directory passwords from breaches
• Configure Microsoft Entra Password Protection for on-premises

How to prevent MFA fatigue attacks

Protect the organization from MFA fatigue attacks and enable the below Microsoft Authenticator features in Azure AD:

1. Enable Azure MFA number matching

Read more in the article Enable Azure MFA number matching.

Require number matching for push notifications is a feature in Azure AD. It presents users with a number when they respond to an MFA push notification using the Authenticator app. They need to type that number into the app to complete the approval.

Note: Microsoft will enable Azure MFA number matching by default for all tenants from February 27, 2023.

The below screen shows how it looks in the Microsoft Authenticator app for the user.

2. Enable Azure MFA application name

Read more in the article Enable Azure MFA application name.

Show application name in push and passwordless notifications is a feature in Azure AD. When a user receives a passwordless phone sign-in or MFA push notification in Microsoft Authenticator, they’ll see the name of the application that requests the approval where the sign-in originated from.

The below screen shows how it looks in the Microsoft Authenticator app for the user.

3. Enable Azure MFA geographic location

Read more in the article Enable Azure MFA geographic location.

Show geographic location in push and passwordless notifications is a feature in Azure AD. When a user receives a passwordless phone sign-in or MFA push notification in Microsoft Authenticator, they’ll see the geographic location based on the IP address that requests the approval where the sign-in originated from.

The below screen shows how it looks in the Microsoft Authenticator app for the user.

That’s it!

Read more: Add tag to external emails in Microsoft 365 for extra security »

Conclusion

You learned how to prevent MFA fatigue attacks. Improve MFA security by enabling all these features. It’s a straightforward process that helps security tremendously in the organization. Don’t wait, and do it now!

Did you enjoy this article? You may also like Export disabled users from Active Directory. Don’t forget to follow us and share this article.