One of the most requested features for Microsoft Authenticator has been to show information about the application and location. At the time of writing, this functionality has been added; it is currently in private preview and unsupported. Another new feature currently in preview is the option to require number matching on all MFA push notifications, regardless of whether the sign-in is passwordless or regular MFA.
Both features require Authenticator to be enabled as an authentication method in AAD (passwordless).
Number matching should show up shortly as an option under Authenticator in the AAD Authentication Methods; the application and location information is not yet in the GUI.
Both features are available via the Graph API. Thanks to Brian Reid for finding this.
PATCH https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator
Permission: Policy.ReadWrite.AuthenticationMethod
Body:
{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#authenticationMethodConfigurations/$entity",
  "@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration",
  "id": "MicrosoftAuthenticator",
  "state": "enabled",
  "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')/microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration/includeTargets",
  "includeTargets": [
    {
      "targetType": "group",
      "id": "all_users",
      "isRegistrationRequired": false,
      "authenticationMode": "any",
      "outlookMobileAllowedState": "default",
      "displayAppInformationRequiredState": "enabled",
      "numberMatchingRequiredState": "enabled"
    }
  ]
}
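
To confirm the change took effect for every targeted group, the policy can be read back and checked. The following is an added example, not code from the original post: it assumes a GET on the same URL returns the same properties as the PATCH body, and the function name, the sample response and the second group id are constructed for illustration.

```python
import json

# Per-target settings from the PATCH body above that should read "enabled".
REQUIRED = ("displayAppInformationRequiredState", "numberMatchingRequiredState")


def audit_authenticator_policy(policy):
    """Return findings; an empty list means both features are on for every target."""
    findings = []
    if policy.get("state") != "enabled":
        findings.append(f"method state is {policy.get('state')!r}, expected 'enabled'")
    targets = policy.get("includeTargets") or []
    if not targets:
        findings.append("includeTargets is missing or empty")
    for target in targets:
        label = f"{target.get('targetType', '?')}:{target.get('id', '?')}"
        for key in REQUIRED:
            value = target.get(key)
            if value != "enabled":
                findings.append(f"{label}: {key} is {value!r}, expected 'enabled'")
    return findings


# Constructed sample (not real tenant output). Assumes a GET on the same URL
# returns the same properties as the PATCH body; the second group id is a placeholder.
SAMPLE_RESPONSE = json.loads("""
{
  "id": "MicrosoftAuthenticator",
  "state": "enabled",
  "includeTargets": [
    {"targetType": "group", "id": "all_users",
     "displayAppInformationRequiredState": "enabled",
     "numberMatchingRequiredState": "default"},
    {"targetType": "group", "id": "00000000-0000-0000-0000-000000000000",
     "numberMatchingRequiredState": "enabled"}
  ]
}
""")

if __name__ == "__main__":
    for finding in audit_authenticator_policy(SAMPLE_RESPONSE):
        print(finding)
```

An empty result means both settings are enabled for every included target; a target that omits a setting is reported as well.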