Why Passwordless
Implementing
features such as multifactor authentication (MFA) can significantly enhance the
security of your organization. However, users commonly experience frustration
when faced with an additional security layer in addition to remembering their
passwords. Passwordless authentication methods offer a more convenient
alternative by eliminating the need for passwords and instead utilizing
something you have, are, or know for authentication.
Authentication |
Something you
have |
Something you
are or know |
Passwordless |
Windows 10 Device,Phone, or Security key |
Biometric or PIN |
Custom Authentication Needs
- Microsoft Authenticator
- Windows Hello for Business
- Certificate-based authentication
- Passkeys (FIDO2)
- Platform Credential for macOS
- Platform single sign-on (PSSO) for macOS with smart card authentication
Configure Passwordless with Microsoft Authenticator
This authentication method is compatible across various device platforms, including mobile devices. Additionally, it can seamlessly integrate with any application or website that supports Microsoft Authentication Libraries.
Prerequisites
To use passwordless phone sign-in with Microsoft Authenticator, the following requirements are needed:- Ensure the latest version of Microsoft Authenticator is installed on iOS or Android devices.
- For iOS & Android devices, registration with each tenant where sign-in occurs is necessary.
- On April 2024 Microsoft has Introduced a Top new Feature to support Multiple user account registration from a single device.
To enable the authentication method for passwordless phone sign-in, complete the following steps:
Protection > Authentication methods > Policies.
- Enable - Yes
- Target – In our case we are going to select for All Users
Each added group or user is enabled by default to use Microsoft Authenticator in both passwordless and push notification modes (Any mode). To change the mode, for each row for Authentication mode - choose Any, or Passwordless. Choosing Push prevents the use of the passwordless phone sign-in credential.
The Microsoft Authenticator on Companion Application (Authenticator Lite) option is available within Entra ID to bypass the need of an extra application for the Multi-factor authentication process. As you may know, lots of people are using the Microsoft Outlook mobile app already on their device. For these users, with the Authenticator Lite feature, the
This Authenticator Lite feature can be controlled using the below settings
- Launch the Microsoft Authenticator app on your mobile device.
- Select the account you wish to enable Passwordless Authentication for.
- Configure the Passwordless feature on your Android mobile device, which is already set up for multi-factor authentication (MFA).
Now click on Setup Phone Sign in Option
Please ensure that Screen Lock settings are enabled before proceeding with the Device Registration Process.
Navigate to Portal.office.com and input your user ID, then select Next.
Upon selecting the Approve Sign in option with Number Matching, a push notification will be sent to your registered device prompting you to enter the corresponding number, along with the geographic location and the specific app used to access the application.
0 Comments