Microsoft Implements Number Matching MFA to Combat Fatigue Attacks

Microsoft has started enforcing number matching in Microsoft Authenticator push notifications to combat multi-factor authentication (MFA) fatigue attacks. Cybercriminals use MFA push spam to flood targets with mobile push notifications asking them to approve attempts to log into their corporate accounts using stolen credentials. Microsoft will start enforcing number matching for Microsoft Authenticator MFA alerts to block MFA fatigue attack attempts across tenants beginning May 8, 2023. Users can manually enable number matching before Microsoft removes the admin controls.