Better Use of Number Matching and a Refined First Run Experience

The developers of the Microsoft Authenticator app have certainly been busy recently. Following on their announcement that a September 2025 update will make backup and restore easier, we now have the news released in message center notification MC1117816 (18 July 2025) that an update around the same time to simplify the sign-in experience and improve onboarding for users.

Modified Number Matching

In 2022, Microsoft added number matching to the Microsoft Authenticator app to reduce “MFA fatigue,” a symptom that can happen when users are asked to approve a stream of multifactor authentication challenges and can do so with a simple click. If a user responds with a series of clicks (without too much thinking), it makes it easier for an attacker to slip a bad challenge into the stream. Displaying a number and asking the user to match the number from a set of choices forces the user to pay attention. If they don’t, they probably won’t satisfy the challenge. Number matching became generally available in May 2023.

Good as number matching is at seizing user attention, it can sometimes run into difficulties. The most obvious is when Authenticator responds to a sign-in request for an app running on the app. The notification that a response is necessary can appear over the sign-in screen, meaning that the user can’t see the number they need to enter to satisfy the response.

To solve the problem, Microsoft is replacing the number choice with a simple yes or no. The experience is seamless on Android because all apps will pick up the new mechanism. On iOS, users of the Single Sign On (SSO) plug-in will still need to switch to the Authenticator app to complete the sign-in, but number matching won’t be required.

Users signing in from another device will still use number matching to satisfy the multifactor authentication challenge.

I have not seen the change in action, but I am familiar with the issue that Microsoft is attempting to solve. Indeed, so many notifications can pop-up on a busy device that tracking down authentication requests can be challenging. Anything that’s done to smoothen the user experience will be welcome.

Improving the First-Run Experience (FRX)

Microsoft is also making changes to the initial setup of the Authenticator app to give Entra ID accounts priority over personal accounts. I think this makes sense. The more that can be done to make multifactor authentication seamless for Entra ID users, the better the chances of driving the adoption of multifactor authentication in Microsoft 365 tenants. Attackers still target vulnerable accounts with techniques like password sprays.

According to Microsoft, 99.9% of compromised Entra ID accounts don’t use multifactor authentication. That figure should be sobering enough for any tenant administrator to take immediate action to improve their security stance by insisting that all user accounts are protected with multifactor authentication.

And if the Microsoft Authenticator app is easier for people to use, the resistance to moving from more traditional methods of satisfying challenges, like SMS, will be reduced. Some nagging is likely still needed (here’s a script to help) to convince tenant users to adopt strong multifactor authentication methods, but anything to remove barriers is a good idea.

Microsoft also says that they plan to make the option to scan a QR code more obvious. Again, this is goodness because many sites use QR codes as part of the multifactor authentication enrolment process.

Not Big Changes

Neither of the changes described here are in the category of earthshattering updates. Instead, the changes refine how the Microsoft Authenticator app works to make it easier for the average person to use. That’s a good thing, and I look forward to seeing the changes appear in September 2025.

Support the work of the Office 365 for IT Pros team by subscribing to the Office 365 for IT Pros eBook. Your support pays for the time we need to track, analyze, and document the changing world of Microsoft 365 and Office 365. Only humans contribute to our work!