Description
- Type: CUSTOMER
- Severity: NOTICE
- Protection against: Hacking > Use of Stolen Creds
- FIX Available: YES
This Customer Check verifies if Microsoft Authenticator displays the location during a login attempt.
Why this check?
When Microsoft Authenticator is enabled, an employee receives a push notification on their phone during a login attempt. With the feature to display the location enabled, the notification will show the location from which the login attempt was initiated, based on the IP address. This helps the employee recognize and reject fraudulent login attempts.
In a separate check CHK-1142, it is verified whether the app name of a login attempt is also displayed. Together, these two aspects lead to notifications like this:
Example of context info |
Example in case number matching is enabled |
What possible outcomes does the check have?
This check has two possible outcomes. In Attic, this is reflected as follows:
- Okay: Displaying the location during login attempts is enabled
- Notice: Displaying the location during login attempts is not yet enabled.
How should this be followed up?
If the output is Notice, we advise enabling the display of the location during login attempts.
A Fix is available for this check, which we will offer via Attic.
Comments
0 comments
Please sign in to leave a comment.