Preventing Unauthorized MFA Prompts with Azure Fraud Alert Settings

Blocking Unwanted MFA Requests

Question

Note: This question is part of a series of questions that present the same scenario.

Each question in the series contains a unique solution that might meet the stated goals.

Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it.

As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant.

All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.

Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.

You need to block the users automatically when they report an MFA request that they did not initiate.

Solution: From the Azure portal, you configure the Fraud alert settings for multi-factor authentication (MFA).

Does this meet the goal?

Answers

Explanations


A.

The fraud alert feature lets users report fraudulent attempts to access their resources.

When an unknown and suspicious MFA prompt is received, users can report the fraud attempt using the Microsoft Authenticator app or through their phone.

The following fraud alert configuration options are available:

- Automatically block users who report fraud.
- Code to report fraud during initial greeting.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

The solution presented involves configuring Fraud alert settings for multi-factor authentication (MFA) in the Azure portal to automatically block users who report receiving an MFA prompt that they did not initiate. However, this solution is not correct and will not meet the goal.

The Fraud alert settings for MFA in the Azure portal are used to identify potential fraudulent activities that involve MFA. For example, if a user who normally logs in from a specific location suddenly logs in from a different country, an alert can be generated to flag the activity as potentially fraudulent. However, this feature is not intended to address the issue of users receiving MFA prompts without initiating a sign-in request.

To address the issue of users receiving MFA prompts without initiating a sign-in request, the following steps should be taken:

  1. Review the MFA logs: Review the MFA logs to determine whether any unauthorized access attempts have occurred. The logs can help identify if there have been any unusual login attempts or if any suspicious activity has taken place.

  2. Check the user's devices: Check the user's devices to ensure that they have not been compromised and that no unauthorized applications have been installed.

  3. Reset the user's MFA settings: If no unauthorized activity has been detected, reset the user's MFA settings to clear any potential issues with the authentication process.

  4. Train users on MFA usage: Provide training to users on how to use the Microsoft Authenticator app and how to report any suspicious activity.

In conclusion, the proposed solution does not meet the goal of automatically blocking users who report an MFA request that they did not initiate. The correct approach involves reviewing MFA logs, checking user devices, resetting MFA settings, and providing training to users on MFA usage.
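The log review in step 1 above, as an added example that is not part of the original answer: a Python sketch that scans constructed MFA prompt records for the two signs that prompts were unsolicited, a fraud report by the user or a burst of denied or ignored pushes. The record fields, result strings and the 3-in-10-minutes threshold are assumptions for illustration, not Microsoft's sign-in log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of MFA prompt events. Field names and result values are an
# assumption for this example, not the real Azure AD sign-in log schema.
SAMPLE_EVENTS = [
    {"user": "alice@contoso.example", "time": "2024-03-01T08:00:05Z", "result": "approved"},
    {"user": "bob@contoso.example",   "time": "2024-03-01T08:01:00Z", "result": "denied"},
    {"user": "bob@contoso.example",   "time": "2024-03-01T08:01:40Z", "result": "timeout"},
    {"user": "bob@contoso.example",   "time": "2024-03-01T08:03:00Z", "result": "fraud_reported"},
    {"user": "carol@contoso.example", "time": "2024-03-01T09:00:00Z", "result": "denied"},
    {"user": "carol@contoso.example", "time": "2024-03-01T13:00:00Z", "result": "denied"},
    {"user": "dave@contoso.example",  "time": "2024-03-01T10:00:00Z", "result": "denied"},
    {"user": "dave@contoso.example",  "time": "2024-03-01T10:04:00Z", "result": "timeout"},
    {"user": "dave@contoso.example",  "time": "2024-03-01T10:08:30Z", "result": "denied"},
]

# Results that mean the user did not approve the push.
UNANSWERED = {"denied", "timeout", "fraud_reported"}


def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def find_suspicious_users(events, threshold=3, window=timedelta(minutes=10)):
    """Return {user: reason} for users whose MFA prompts look unsolicited.

    A user is flagged if they reported fraud on any prompt, or if at least
    `threshold` prompts were denied or ignored inside a span of `window`
    (checked with a sliding window over the sorted timestamps).
    """
    by_user = defaultdict(list)
    for e in events:
        if e["result"] in UNANSWERED:
            by_user[e["user"]].append((parse_time(e["time"]), e["result"]))
    flagged = {}
    for user, prompts in by_user.items():
        prompts.sort()
        if any(r == "fraud_reported" for _, r in prompts):
            flagged[user] = "user reported fraud"
            continue
        start = 0
        for end in range(len(prompts)):
            # Shrink the window from the left until it spans at most `window`.
            while prompts[end][0] - prompts[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[user] = f"{end - start + 1} unanswered prompts within {window}"
                break
    return flagged
```

Users flagged by the fraud report are exactly those the "Automatically block users who report fraud" setting would block; the burst rule catches prompts the user ignored without reporting.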