Microsoft has added a new security feature to its Microsoft Authenticator app that lets users block unexpected multi-factor authentication (MFA) alerts. This feature is designed to protect users from phishing and credential forwarding attacks, which try to trick users into approving malicious login requests.
What is Microsoft Authenticator
Microsoft Authenticator is a free app that you can download on your iOS or Android device. It makes it easy and safe to prove who you are when you sign in to your Microsoft account and other supported services. The app uses multi-factor authentication (MFA), which means you need to provide two or more pieces of evidence to prove your identity, such as a password and a one-time code, or a password and approval from the app.
You can also use Microsoft Authenticator to sign in to your accounts without typing a password. Just scan a QR code or approve a notification on your phone. The app also has other useful features, such as password generation and storage, biometric login, and account backup and recovery.
How blocking suspicious alerts works
Microsoft Authenticator now has a new security feature called suspicious alert blocking. This feature is turned on by default for all users. It can tell when you get a multi-factor authentication (MFA) alert that you didn’t ask for. This could be a sign that a cybercriminal has your username and password and is trying to get into your account.
If Microsoft Authenticator thinks an alert is suspicious, it will block it. You won’t get a notification on your phone. Instead, you’ll see a message in the app telling you that Microsoft Authenticator blocked a suspicious alert. You can then choose to approve or deny the login attempt.
When the app detects a suspicious alert, it automatically blocks it and displays a message informing the user that someone has tried to log into their account and that they should change their password as soon as possible. The user can also see more details about the login attempt, such as the attacker’s location, device, and browser.
Blocking suspicious alerts works for personal and work/school Microsoft accounts and other services that use Microsoft’s claims-based MFA protocol, such as Entra ID, Microsoft 365, and Dynamics 365.
How to disable blocking suspicious alerts
Although suspicious alert blocking is enabled by default, users can disable it from the Microsoft Authenticator app settings. However, Microsoft recommends keeping it activated to improve the security of your accounts and avoid possible identity theft.
To disable blocking suspicious alerts, users should follow these steps:
- Open the Microsoft Authenticator app and tap the menu icon (three horizontal lines) in the top left corner.
- Tap Settings and then Security.
- Slide the Block suspicious alerts switch to the off position.
Microsoft is improving its Microsoft Authenticator app, including a new feature that blocks suspicious login alerts. The company says this is just one of many ways to make the app more secure and convenient. Microsoft is also encouraging users to download and use the app to protect their accounts and make it easier to sign in.