Multi-Factor Authentication (MFA) is a great feature for securing access to enterprise applications, but when a user receives a multi-factor authentication request that they aren't expecting, what do they do? They can ignore the call, or answer and hang up without pressing #, to deny access to the person attempting to use their credentials.
The new "Fraud Alert" feature takes this security one step further by letting the user be proactive about attempted attacks. They can answer the phone and enter their configured fraud alert code to report the attempted access. Not only will this deny the authentication taking place, it will also block the user's account so that additional authentication attempts are automatically denied without continuing to bother the user. It can also send an email notification to any configured email addresses so that administrators can take action, investigate, and change the user's password. Once they have taken appropriate action, they can unblock the user's account in the MFA Management Portal.
Turn on fraud alerts
- Sign in to the Azure portal as an administrator.
- Browse to Azure Active Directory > MFA Server > Fraud alert
- Set the Allow users to submit fraud alerts setting to On
- Select Save
Configuration options
Block user when fraud is reported: If a user reports fraud, their account is blocked for 90 days or until an administrator unblocks their account. An administrator can review sign-ins by using the sign-in report, and take appropriate action to prevent future fraud. An administrator can then unblock the user's account.
Code to report fraud during initial greeting: When users receive a phone call to perform two-step verification, they normally press # to confirm their sign-in. To report fraud, the user enters a code before pressing #. This code is 0 by default, but you can customize it.
Note: The default voice greetings from Microsoft instruct users to press 0# to submit a fraud alert. If you want to use a code other than 0, record and upload your own custom voice greetings with appropriate instructions for your users.
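To make the decision logic behind these options concrete, here is an added example in Python (not Microsoft's code) that models the voice-call flow described above: # alone approves, the configured fraud code keyed before # reports fraud, a fraud report blocks the account for 90 days unless an administrator unblocks it, and blocked accounts are denied automatically. The in-memory user state and the notification addresses are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

BLOCK_DAYS = 90  # blocked for 90 days or until an administrator unblocks


@dataclass
class FraudAlertPolicy:
    fraud_code: str = "0"          # keyed before '#'; 0 is the default
    block_on_fraud: bool = True    # "Block user when fraud is reported"
    notify: List[str] = field(default_factory=list)  # constructed addresses


@dataclass
class UserState:
    blocked_until: Optional[datetime] = None
    fraud_reports: List[datetime] = field(default_factory=list)


def is_blocked(user: UserState, now: datetime) -> bool:
    return user.blocked_until is not None and now < user.blocked_until


def handle_call_response(user: UserState, policy: FraudAlertPolicy,
                         dtmf: str, now: datetime,
                         notifications: List[Tuple[str, str]]) -> str:
    """Outcome of one voice-call prompt.

    dtmf: digits the user keyed, e.g. '#' (approve), '0#' (fraud), '' (hung up).
    Returns 'approved', 'denied', 'fraud_reported' or 'blocked'.
    """
    if is_blocked(user, now):
        return "blocked"          # denied automatically, user is not called
    if not dtmf.endswith("#"):
        return "denied"           # ignored or hung up: no '#' means no approval
    entered = dtmf[:-1]
    if entered == "":
        return "approved"         # plain '#' confirms the sign-in
    if entered == policy.fraud_code:
        user.fraud_reports.append(now)
        if policy.block_on_fraud:
            user.blocked_until = now + timedelta(days=BLOCK_DAYS)
        for addr in policy.notify:   # email so admins can investigate
            notifications.append((addr, f"Fraud alert reported at {now.isoformat()}"))
        return "fraud_reported"
    return "denied"               # any other digits are not an approval


def admin_unblock(user: UserState) -> None:
    user.blocked_until = None     # administrator unblocks in the portal
```

If you change fraud_code from "0", remember the default greetings still say "0#", so custom greetings are needed as the note above explains.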
View fraud reports
- Sign in to the Azure portal
- Select Azure Active Directory > Sign-ins. The fraud report is now part of the standard Azure AD Sign-ins report