Hacker News

MFA fatigue wouldn't be such a big problem if their MFA and SSO implementation was not such utter shit.

Whenever I get a sign-in prompt, there is literally no way to tell what I'm signing in for.

When the MS Authenticator app receives an MFA request notification, there is, yet again, no way to tell what service the request is for.

To add insult to injury, when I need to sign in again for a SharePoint guest account, it consistently fails to correctly redirect me back to the SharePoint folder.

Microsoft's MFA is just security theatre. Take MS Teams for instance. Why does it ask me to sign in again, and yet still allow me to read messages that are already on the screen? Worse yet, the MS Teams desktop app can still receive new message notifications and display them while I have not re-logged in yet.



Wow, this sounds like we are going through the same thing!

MS Teams' sign-in is truly asinine. If that data is sensitive you'd think they would at least try something more than keeping it on screen while a potential thief steals all the data for the utilities company I work at.

I assume this is all because of an unfortunate mix of on-prem services, cloud services and... "quality" non-Linux server admins in general.

The worst part is I'm coming to this after having worked at Heroku. Everything was a tap of a YubiKey away; even the Salesforce Authenticator app was better than Microsoft Authenticator, which is pretty depressing to think about.


Is this just a consequence of the protocols and tools not being ubiquitous yet?



