Microsoft has upgraded its Authenticator app with a new default setting that automatically suppresses MFA push notifications deemed suspicious. This enhancement aims to strengthen security during the login process.

The Microsoft Authenticator application facilitates multi-factor authentication, offering features such as password auto-fill and passwordless sign-in for Microsoft services.

During an MFA-protected account sign-in, the app typically sends a notification to the user’s device, allowing them to approve or deny entry. It can also produce a time-limited code for entering manually.

Cybercriminals exploit this feature by bombarding the account with login attempts, often at odd hours, in hopes of wearying the user into mistakenly approving access. If successful, attackers can change account security settings, potentially locking out the rightful owner.

In May, Microsoft enhanced security by introducing “number matching,” where users confirm logins by entering numbers shown on their screens into the app. While this curbed “MFA fatigue” attacks, it didn’t stop the flow of disruptive notifications.

Microsoft’s latest update addresses this by analyzing login attempt peculiarities, such as unusual locations or odd activity patterns, to prevent questionable notifications from appearing. Users will instead be notified to check the app and input a code for login verification.

The new security feature has been effective since its completion in September, blocking over six million suspicious MFA notifications initiated by potential hacking attempts