Microsoft Authenticator passwordless sign-in (PREVIEW) can be used for free to allow you or your users to go passwordless without much effort.
Here is a quick guide on how to set up “Microsoft Authenticator passwordless sign-in” on your tenant.
There are a few steps we need to take before enabling this feature.
- You must have the “Users can use the combined security information registration experience” setting enabled.
- Your tenant must be enabled for MFA with push notifications through the Microsoft Authenticator app in order to use this method.
- MFA has to be enabled for the account.
- The device has to be registered to the company tenant.
- The iOS / Android devices are required to have a passcode to access the phone.
How to configure Microsoft Authenticator passwordless sign-in.
We need to make changes on your phone and, as a global admin, on your tenant.
Microsoft Authenticator setup on your phone.
The first step of enabling this feature for yourself or your users is to access the Microsoft Authenticator app and select your account.
We need to enable the “Enable phone Sign-in” option under our account.
After clicking “Enable Phone Sign-in”, you need to register your device to your company tenant.
When you’re done with the registration of your device, passwordless sign-in has been enabled. You now need to enable it from the tenant for your specific account. This feature can also be enabled for a group instead.
We need to access the Azure Active Directory admin portal.
In the left panel, go to “Security > Authentication methods”.
After selecting “Microsoft Authenticator passwordless sign-in”, select Enable and add the users you want to allow to use this feature.
The user experience.
When signing in, you will now receive a 2-digit number, which you choose from a list inside the Authenticator app on your phone. You are then required to confirm with either Face ID or passcode.
You can choose to use the password instead by clicking the link at the bottom of the sign-in page.
Note: This change will make conditional access trusted locations unusable. Otherwise, everyone at that location would be able to log in to your account without using a password.
If you have any questions / feedback or would like to correct me on any of the stuff above, please use the comment section or contact me directly using the blue button in the bottom right corner.