{"id":131,"date":"2023-02-17T13:28:35","date_gmt":"2023-02-17T13:28:35","guid":{"rendered":"http:\/\/www.technicaladept.com\/?p=131"},"modified":"2025-04-26T17:44:48","modified_gmt":"2025-04-26T17:44:48","slug":"microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching","status":"publish","type":"post","link":"https:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/","title":{"rendered":"Microsoft back down on plans to enforce  Microsoft Authenticator number matching"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Microsoft lack of spine networking<\/h2>\n\n\n\n<p>So, I&#8217;ve been talking to my security guy about Microsoft&#8217;s latest security backpedal. Let me tell you, he&#8217;s an unhappy bunny. Microsoft set a deadline of February 27th for enforcing Microsoft Authenticator number matching. Then they &#8220;listened to customers&#8221; and pushed it back to May 8th. Not only that, what they were previously going to enforce is now just going to be a default option that customers can switch off.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-medium wp-image-135\"><img decoding=\"async\" loading=\"lazy\" width=\"300\" height=\"147\" src=\"http:\/\/www.technicaladept.com\/wp-content\/uploads\/2023\/02\/Feb27-300x147.png\" alt=\"Microsoft Notification bearing the following text. \nUpcoming Authentication number matching enforcement\nMicrosoft Authenticator number matching admin controls will be removed after February 27, 2023.\nNumber matching will be enforced for all Microsoft Authenticator users after this date.\" class=\"wp-image-135\" srcset=\"https:\/\/www.technicaladept.com\/wp-content\/uploads\/2023\/02\/Feb27-300x147.png 300w, https:\/\/www.technicaladept.com\/wp-content\/uploads\/2023\/02\/Feb27.png 383w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><figcaption class=\"wp-element-caption\">Enforcement deadline for February<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image aligncenter size-medium wp-image-134\"><img decoding=\"async\" loading=\"lazy\" width=\"300\" height=\"222\" src=\"http:\/\/www.technicaladept.com\/wp-content\/uploads\/2023\/02\/May8-300x222.png\" alt=\"A Microsoft announcement with the following text.\nWhen will my tenant see number matching if I don't use the Azure portal or Graph API to roll out the change?\nNumber match will be enabled for all users of Microsoft Authenticator push notifications after May 8, 2023. We had previously announce that we will remove the admin controls and enforce the number match experience tenant-wide for all users of Microsoft Authenticator push notifications starting February 27, 2023, After listening to customers, we will extend the availability of the rollout controls for a few more weeks.\nRelevant services will begin deploying these changes after May 8, 2023 and users will start to see number match while others don't. To ensure consistent behaviour for all your users, we highly recommend you use the Azure portal or Graph API to roll out number match for all Microsoft Authenticator users\" class=\"wp-image-134\" srcset=\"https:\/\/www.technicaladept.com\/wp-content\/uploads\/2023\/02\/May8-300x222.png 300w, https:\/\/www.technicaladept.com\/wp-content\/uploads\/2023\/02\/May8.png 618w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><figcaption class=\"wp-element-caption\">Soft deadline for May<\/figcaption><\/figure>\n\n\n\n<p>This flip-flop behaviour is a trend for Microsoft&#8217;s security announcements and it&#8217;s becoming laughably predictable.<\/p>\n\n\n\n<p>They did the same with <a href=\"https:\/\/office-watch.com\/2022\/microsoft-reverses-office-macro-blocks-without-telling-customers\/\">office macros<\/a> and with switching off <a href=\"https:\/\/redmondmag.com\/articles\/2021\/02\/04\/microsoft-rethinks-plans-to-block-basic-auth.aspx\">basic authentication<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is number matching?<\/h2>\n\n\n\n<p>For those of you who don&#8217;t know, number matching is a security feature that requires users to enter a number on their device that matches the number in the authentication prompt. This added step helps prevent attackers from using stolen credentials to access the user&#8217;s account. And it&#8217;s important because push fatigue is a real thing. When users are bombarded with authentication requests, they start ignoring them or approving them through inattention or error. This makes it easier for attackers to access the user&#8217;s account. Number matching helps prevent push fatigue by adding an extra layer of security.<\/p>\n\n\n\n<p>But Microsoft&#8217;s kicking the can down the road is just causing confusion and undermining trust. My security guy has been handholding users as he moves their Microsoft Authenticator over to number match. Now Microsoft is shifting the deadline and allowing an opt-out. He feels like they don&#8217;t take security seriously. If Microsoft can&#8217;t seem to make up their mind on what&#8217;s important, how can customers trust that their systems are secure?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">My view<\/h2>\n\n\n\n<p>My view is that these artificial deadlines give us the leverage we need with customers to push through best practice security measures. Even though we both know that, when push comes to shove, Microsoft always backs down before the deadline. However the truth is that the best practice here is to roll out <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2022\/10\/31\/cisa-releases-guidance-phishing-resistant-and-numbers-matching\">WebAuthn and FIDO2 keys<\/a>. Microsoft&#8217;s setting and then changing these deadlines can exhaust our resources on the wrong target. Number matching is a good second best for the time being. But the attackers will soon transition to more sophisticated phish sites. They will soon find this necessary in order to keep their numbers up. The attackers already have the technology standing by. Its just cheaper and more efficient to use the old techniques while they still work. Maybe that&#8217;s a tipping point that Microsoft has just moved from February to May. <\/p>\n\n\n\n<p>The old adage is that you don\u2019t have to run faster than the bear to get away. You just have to run faster than the guy next to you. If you&#8217;re like us, you&#8217;ve been relying on number matching to out pace the competition. This news from Microsoft may be too little and too late. But it does mean that we&#8217;ve now got a little longer to invest in Fido keys and roll them out. At least for our most sensitive accounts.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft lack of spine networking So, I&#8217;ve been talking to my security guy about Microsoft&#8217;s latest security backpedal. Let me tell you, he&#8217;s an unhappy bunny. Microsoft set a deadline of February 27th for enforcing Microsoft Authenticator number matching. Then they &#8220;listened to customers&#8221; and pushed it back to May 8th. Not only that, what [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[11,10,13,12],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Microsoft back down on plans to enforce Microsoft Authenticator number matching | Technical Adept<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft back down on plans to enforce Microsoft Authenticator number matching | Technical Adept\" \/>\n<meta property=\"og:description\" content=\"Microsoft lack of spine networking So, I&#8217;ve been talking to my security guy about Microsoft&#8217;s latest security backpedal. Let me tell you, he&#8217;s an unhappy bunny. Microsoft set a deadline of February 27th for enforcing Microsoft Authenticator number matching. Then they &#8220;listened to customers&#8221; and pushed it back to May 8th. Not only that, what [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/\" \/>\n<meta property=\"og:site_name\" content=\"Technical Adept\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-17T13:28:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-26T17:44:48+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/www.technicaladept.com\/wp-content\/uploads\/2023\/02\/Feb27-300x147.png\" \/>\n<meta name=\"author\" content=\"Matt Hardy\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Matt Hardy\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/#article\",\"isPartOf\":{\"@id\":\"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/\"},\"author\":{\"name\":\"Matt Hardy\",\"@id\":\"https:\/\/www.technicaladept.com\/#\/schema\/person\/f55bd44f0e2e66194706a07bafdd2e29\"},\"headline\":\"Microsoft back down on plans to enforce Microsoft Authenticator number matching\",\"datePublished\":\"2023-02-17T13:28:35+00:00\",\"dateModified\":\"2025-04-26T17:44:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/\"},\"wordCount\":524,\"publisher\":{\"@id\":\"https:\/\/www.technicaladept.com\/#\/schema\/person\/f55bd44f0e2e66194706a07bafdd2e29\"},\"keywords\":[\"Fido2\",\"Microsoft\",\"Security\",\"WebAuthn\"],\"articleSection\":[\"Uncategorized\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/\",\"url\":\"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/\",\"name\":\"Microsoft back down on plans to enforce Microsoft Authenticator number matching | Technical Adept\",\"isPartOf\":{\"@id\":\"https:\/\/www.technicaladept.com\/#website\"},\"datePublished\":\"2023-02-17T13:28:35+00:00\",\"dateModified\":\"2025-04-26T17:44:48+00:00\",\"breadcrumb\":{\"@id\":\"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.technicaladept.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft back down on plans to enforce Microsoft Authenticator number matching\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.technicaladept.com\/#website\",\"url\":\"https:\/\/www.technicaladept.com\/\",\"name\":\"Technical Adept\",\"description\":\"A place to put words I might want to share\",\"publisher\":{\"@id\":\"https:\/\/www.technicaladept.com\/#\/schema\/person\/f55bd44f0e2e66194706a07bafdd2e29\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.technicaladept.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.technicaladept.com\/#\/schema\/person\/f55bd44f0e2e66194706a07bafdd2e29\",\"name\":\"Matt Hardy\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.technicaladept.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.technicaladept.com\/wp-content\/uploads\/2020\/01\/Matt-Profile-300.png\",\"contentUrl\":\"https:\/\/www.technicaladept.com\/wp-content\/uploads\/2020\/01\/Matt-Profile-300.png\",\"width\":300,\"height\":280,\"caption\":\"Matt Hardy\"},\"logo\":{\"@id\":\"https:\/\/www.technicaladept.com\/#\/schema\/person\/image\/\"},\"sameAs\":[\"http:\/\/www.technicaladept.com\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft back down on plans to enforce Microsoft Authenticator number matching | Technical Adept","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/","og_locale":"en_GB","og_type":"article","og_title":"Microsoft back down on plans to enforce Microsoft Authenticator number matching | Technical Adept","og_description":"Microsoft lack of spine networking So, I&#8217;ve been talking to my security guy about Microsoft&#8217;s latest security backpedal. Let me tell you, he&#8217;s an unhappy bunny. Microsoft set a deadline of February 27th for enforcing Microsoft Authenticator number matching. Then they &#8220;listened to customers&#8221; and pushed it back to May 8th. Not only that, what [&hellip;]","og_url":"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/","og_site_name":"Technical Adept","article_published_time":"2023-02-17T13:28:35+00:00","article_modified_time":"2025-04-26T17:44:48+00:00","og_image":[{"url":"http:\/\/www.technicaladept.com\/wp-content\/uploads\/2023\/02\/Feb27-300x147.png"}],"author":"Matt Hardy","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Matt Hardy","Estimated reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/#article","isPartOf":{"@id":"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/"},"author":{"name":"Matt Hardy","@id":"https:\/\/www.technicaladept.com\/#\/schema\/person\/f55bd44f0e2e66194706a07bafdd2e29"},"headline":"Microsoft back down on plans to enforce Microsoft Authenticator number matching","datePublished":"2023-02-17T13:28:35+00:00","dateModified":"2025-04-26T17:44:48+00:00","mainEntityOfPage":{"@id":"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/"},"wordCount":524,"publisher":{"@id":"https:\/\/www.technicaladept.com\/#\/schema\/person\/f55bd44f0e2e66194706a07bafdd2e29"},"keywords":["Fido2","Microsoft","Security","WebAuthn"],"articleSection":["Uncategorized"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/","url":"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/","name":"Microsoft back down on plans to enforce Microsoft Authenticator number matching | Technical Adept","isPartOf":{"@id":"https:\/\/www.technicaladept.com\/#website"},"datePublished":"2023-02-17T13:28:35+00:00","dateModified":"2025-04-26T17:44:48+00:00","breadcrumb":{"@id":"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/www.technicaladept.com\/index.php\/2023\/02\/17\/microsoft-back-down-on-plans-to-enforce-microsoft-authenticator-number-matching\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.technicaladept.com\/"},{"@type":"ListItem","position":2,"name":"Microsoft back down on plans to enforce Microsoft Authenticator number matching"}]},{"@type":"WebSite","@id":"https:\/\/www.technicaladept.com\/#website","url":"https:\/\/www.technicaladept.com\/","name":"Technical Adept","description":"A place to put words I might want to share","publisher":{"@id":"https:\/\/www.technicaladept.com\/#\/schema\/person\/f55bd44f0e2e66194706a07bafdd2e29"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.technicaladept.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":["Person","Organization"],"@id":"https:\/\/www.technicaladept.com\/#\/schema\/person\/f55bd44f0e2e66194706a07bafdd2e29","name":"Matt Hardy","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.technicaladept.com\/#\/schema\/person\/image\/","url":"https:\/\/www.technicaladept.com\/wp-content\/uploads\/2020\/01\/Matt-Profile-300.png","contentUrl":"https:\/\/www.technicaladept.com\/wp-content\/uploads\/2020\/01\/Matt-Profile-300.png","width":300,"height":280,"caption":"Matt Hardy"},"logo":{"@id":"https:\/\/www.technicaladept.com\/#\/schema\/person\/image\/"},"sameAs":["http:\/\/www.technicaladept.com\/"]}]}},"_links":{"self":[{"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/posts\/131"}],"collection":[{"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/comments?post=131"}],"version-history":[{"count":12,"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/posts\/131\/revisions"}],"predecessor-version":[{"id":176,"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/posts\/131\/revisions\/176"}],"wp:attachment":[{"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/media?parent=131"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/categories?post=131"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.technicaladept.com\/index.php\/wp-json\/wp\/v2\/tags?post=131"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}