The Enabling Technologies Blog


Mark Brezicky / / Categories: Azure, Cloud, Productivity, Cloud Security

Password-less sign in for Azure AD

Microsoft recently announced password-less phone sign-in for Azure AD accounts. If your users are already using Azure Multi-Factor Authentication with the Microsoft Authenticator app, you're already most of the way to saying goodbye to passwords. This sign-in option is available for any identity model (Cloud, Synced, or Federated), whether you are using Azure MFA in the cloud or Azure MFA Server on-premises.

To enable this feature, you need to use the Azure AD Preview PowerShell module, as the cmdlets are not yet available in the regular Azure AD module. Follow these steps to enable your tenant for password-less sign-in.

 Run PowerShell as Admin

Uninstall-Module AzureAD (only if previously installed)

Install-Module -Name AzureADPreview

New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}' -isOrganizationDefault $true -DisplayName AuthenticatorAppSignIn
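The tenant step above can be made repeatable and checked afterwards. The script below is an added example, not part of the original post: it assumes the AzureADPreview module is already installed, signs in with Connect-AzureAD, creates the policy only when no policy of that type exists, and then reports what the tenant actually has. The variable names are illustrative.

```powershell
# Added example (not from the original post). Assumes AzureADPreview is
# installed and the signed-in account is allowed to manage tenant policies.
Import-Module AzureADPreview
Connect-AzureAD | Out-Null   # interactive sign-in to the tenant

$policyType = 'AuthenticatorAppSignInPolicy'
$definition = '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}'

# Find policies of this type that already exist, so that re-running the
# script does not leave several competing policies in the tenant.
$existing = @(Get-AzureADPolicy | Where-Object { $_.Type -eq $policyType })

if ($existing.Count -eq 0) {
    # Same command as in the steps above.
    New-AzureADPolicy -Type $policyType -Definition $definition `
        -IsOrganizationDefault $true -DisplayName AuthenticatorAppSignIn | Out-Null
    Write-Host "Created $policyType policy."
}
else {
    Write-Host "Found $($existing.Count) existing $policyType policy object(s); nothing created."
}

# Report the effective state: one row per policy, with the Enabled flag
# parsed out of the JSON definition (Definition is a list of JSON strings).
$report = Get-AzureADPolicy |
    Where-Object { $_.Type -eq $policyType } |
    ForEach-Object {
        $enabled = $_.Definition | ForEach-Object {
            ($_ | ConvertFrom-Json).AuthenticatorAppSignInPolicy.Enabled
        }
        [pscustomobject]@{
            Id                    = $_.Id
            DisplayName           = $_.DisplayName
            IsOrganizationDefault = $_.IsOrganizationDefault
            Enabled               = ($enabled -contains $true)
        }
    }
$report | Format-Table -AutoSize

# Flag anything that would surprise an admin reviewing the tenant later.
if (@($report).Count -gt 1) {
    Write-Warning "More than one $policyType policy exists; review and remove duplicates."
}
if (-not ($report | Where-Object { $_.Enabled -and $_.IsOrganizationDefault })) {
    Write-Warning "No enabled organization-default $policyType policy was found."
}
```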

To enable each user, the following three steps are required.

  • Enable Azure MFA, if not already enabled
  • Install or update to the latest version of Microsoft Authenticator for iOS (8.0 or greater) or Android (6.0 or greater)
    • Not supported for Windows Phone
  • Go to the Accounts screen of the app, select the drop-down arrow for your work or school account, and then select Enable phone sign-in. You should see a Key icon next to your account within the app.

While this feature has been available for a while now, it is finally supported with Office 365 and Azure AD for password-less sign-ins. Depending on your organization's configuration, you may be required to register your device and set up a security lock feature (PIN, biometric, etc.) on your device. Users must have the capability to register devices themselves.

Next time you sign in, you will be prompted by Microsoft Authenticator to enter the correct number value to sign in. However, if you ever lose your device or simply wish to use your password again, there is the option to do so during the sign-in process.


Passwords are becoming a thing of the past.  With Password-less sign in, you can extend this capability to not just Office 365 within Azure AD, but any and all of the over 3000 supported SaaS applications, on-premises applications via Azure AD Application proxy, or any other application with SSO integration with Azure AD.  If you already have Azure MFA deployed or are looking to expand upon your current protection capabilities, contact Enabling Technologies to allow us to see how we can assist with your security goals.  You can also check out our other security offerings at our SecureIT page on our website.
