Back to Announcements

Security Feature Updates From Microsoft

All Campus, LITS, Campus Advisory posted

Microsoft has implemented changes to increase the security of Multifactor Authentication push notifications and to warn you when you receive potentially harmful email messages. You will now enter a two-digit number for Multifactor Authentication instead of tapping on “Approve” or “Deny,” and you will now see pop-up messages when an email arrives from a new sender outside of Trinity College. Learn more

Number Matching

Microsoft is moving to a more secure method of authentication that changes “Push” notifications. The new process for logging into Microsoft 365 gives you an auto-generated number to type into your device. “Number matching” means that when users go through an MFA Authentication, they see a number they must enter in the Authenticator app to complete the authentication process.

Why Number Matching Can Help

This specific technology protects you from absent-mindedly or mistakenly tapping “Approve” on an MFA notification and giving an attacker access to your account.

Instead of just seeing “Approve” or “Deny,” your MFA prompts on your phone will include a two-digit code that you must enter on your phone to confirm that you initiated the prompt yourself. It looks like this:

A visual depiction of the Microsoft Authenticator number matching user experience

This makes it impossible for an attacker with your password to take over your account with a notification – unless that attacker somehow sends the number on their computer screen to you during the handful of seconds when it is valid.

Because you only have to type two digits, it doesn’t increase the difficulty of signing into your account compared to other MFA methods, such as typing a six-digit code from a software token or SMS message.

This change does not affect your login process if you use SMS text messaging or one-time passcodes (OTP) via an authenticator app. If you are not using the Microsoft Authenticator app, it is highly recommended that you configure your account for it. You can do this by visiting the Multi-Factor Authentication webpage.

Note: The number matching feature doesn’t work with smartwatches; there is no ETA on when this capability will occur.

Click here to learn more about this upgraded feature and its importance.

 

First Contact Safety Tip

Microsoft introduced a feature called “first contact safety tips.” These safety tips appear in outlook web, desktop, and mobile clients and notify recipients the first time they get a message from the sender or if they don’t often get messages from the sender. This capability adds an extra layer of security protection against impersonation attacks.

Increasingly, the college is targeted by phishing attacks that leverage some form of email spoofing. Email spoofing involves an external email address impersonating a staff or faculty member to mislead, manipulate, and scam an unsuspecting victim. The purpose of this message is to make the recipient aware that the message originated from outside our organization. A sample message can be seen below.

 

Please note that we cannot turn off this security feature for individual accounts. Our goal is to protect the campus from phishing and spoofing attacks. These efforts require the participation of our entire community, as no one is immune from these attacks. There will be instances that you get this message from known recipients. There is no need to report this as Microsofts algorithms will pick this up and will remove the notification over time.