Report MFA Fraud

MFA Fraud

Within the scope of the Security Essentials Identity Security sprint or an Organizational equivalent, the creation of a policy that will require all users to complete an MFA prompt during authentication attempts will be instated. With the enforcement of this new policy, also comes additional security functionality that will allow users to report fraud if they receive a two-step verification request that they didn't initiate. This guide will instruct individuals who receive an MFA request that they didn’t initiate how to report the fraudulent attempt to administration through the Microsoft Authenticator App.

This guide will accomplish the following:

• Reporting a Fraudulent MFA Prompts

Applicable Scope: Internal Users

Required Group Membership: N/A

Reporting a Fraudulent MFA Prompt

1. If you ever receive a Microsoft Authenticator App notification that you know you didn’t initiate from another device, such as your laptop, desktop, or tablet. This could be a potential indicator of compromise and taking extra precaution to alert administration will be necessary. Select the notification that has been generated from the Authenticator App.
   
2. Within the Authenticator App you will see prompt asking you to input the numbers that are being displayed from the other machine that is initiating authentication utilizing your account credentials. Since to the best of our knowledge we didn’t initiate this request, we will want to select the No, it’s not me action.
   
3. After selecting the action above, you will see a new disclaimer outlining that commencing the following action will prevent your account from being able to complete authentication attempts until the technical decision maker within your organization can reset the compromised information. Select the Report action to notify administration of the MFA fraud that has happened, preventing further access for your account until the possible threat can be remediated.
   

Need Assistance?