Microsoft has been pushing for users to ditch passwords in favor of passwordless solutions for logging into Windows 11 and other services for some time. Another way to offer better security is with multi-factor authentication (MFA) by using the Microsoft Authenticator app.
In May, the app added a new feature that required all users to match the number sent by Microsoft before they could respond to a new MFA notification on their phone with the Authenticator app. This was made to help defeat the spamming of these kinds of notifications by hackers.
However, in a new blog post, Microsoft has announced it has extended this kind of protection for the Authenticator app. It states:
Following the deployment of this feature, we now suppress Authenticator notifications when a request displays potential risks, such as when it originates from an unfamiliar location or is exhibiting other anomalies. This approach significantly reduces user inconvenience by eliminating irrelevant authentication prompts.
If Microsoft's security system believes that an MFA request might be the result of a hacker attack, it will send the normal message to the user to type in the number to approve the sign-in attempt in the Authenticator app. However, a notification of that request won't pop up on the phone screen itself.
The behind-the-scenes update to the Microsoft Authenticator app still records the MFA request, but only if the user opens up the app itself to see it. That means a person who is expecting an MFA request can still get it and respond to it if they know in advance it is a legitimate request. It also means users can still access the request if they happen to miss it.
Microsoft says it quietly put this update in place in late September. It says that this has resulted in over "6 million passwordless and MFA notifications" being blocked. Microsoft claims that the vast majority of these blocked alerts came from "hacker-initiated notifications serving no value to customers."