Number Matching — Solving Microsoft 365

Number matching is the Microsoft Authenticator MFA mode where the user is shown a number on the sign-in screen and must enter that number in the Authenticator app push prompt to approve. Replaces simple tap-to-approve, which was vulnerable to MFA fatigue attacks. Microsoft enabled number matching by default for all tenants in 2023. When the user receives an unexpected push prompt, they can't approve it without seeing the number on a sign-in screen they themselves initiated — meaning attacker-triggered prompts can't accidentally be approved. Modern Authenticator also shows sign-in context (the app and location requesting auth) so users can verify the request looks legitimate.