Score:0

How to change Microsoft Azure MFA from "enter code" to "approve request"

pk flag
JFL

We have a M365 tenant with MFA enforced for all users.

We can use either text message (SMS) or Microsoft Authenticator app on smartphone with a Time Based code (6 digit TOTP code).

We would like for some users to have the MFA set to "approval" mode. I.E. when the user try to login, the MS Authenticator ask the user to approve the sign-in request and the user simply need to push on the 'approve' button.

How can we configure this?

Note: we are aware this may be less secure and some users will simply approve any request even if they are not the originator. This is to be set up for very specific users which we trust to use this feature correctly.

Score:1
br flag

You need to Enable passwordless phone sign-in authentication methods

To enable the authentication method for passwordless phone sign-in, complete the following steps:

  1. Sign in to the Azure portal with an Authentication Policy Administrator account.

  2. Search for and select Azure Active Directory, then browse to Security > Authentication methods > Policies.

  3. Under Microsoft Authenticator, choose the following options:

    a. Enable - Yes or No

    b. Target - All users or Select users

  4. Each added group or user is enabled by default to use Microsoft Authenticator in both passwordless and push notification modes ("Any" mode). To change the mode, for each row for Authentication mode - choose Any, or Passwordless. Choosing Push prevents the use of the passwordless phone sign-in credential.

  5. To apply the new policy, click Save.

Hope this helps!

JFL avatar
pk flag
JFL
Yes it works. Thanks. Only thing is, when trying to sign in, it ask for a TOTP and you have to clik on the small link after "Having trouble"; "Sign in another way" and the you can send the push notification. We will also test the passwordless method.
JFL avatar
pk flag
JFL
Regarding the issue in my previous comment, I figured it. The user must connect to https://mysignins.microsoft.com/security-info and change its default sign-in method.
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.