Go Passwordless With Microsoft Authenticator Passwordless Sign-in.

Microsoft Authenticator passwordless sign-in (PREVIEW) can be used for free to allow you or your users to go passwordless without much effort.

Here is a quick guide on how to setup “Microsoft Authenticator passwordless sign-in” on your tenant.

Prerequisites:

There are a few steps we need to take before enabling this feature.

  • You must have the “Users can use the combined security information registration experience” setting enabled. “HOW TO ENABLE
  • Your tenant must be enabled for MFA with push notifications through the Microsoft Authenticator app in order to use this method.
  • MFA has to be enabled for the account.
  • The device has to be registered to the company tenant.
  • The iOS / Android devices are required to have a passcode to access the phone.

How to configure Microsoft Authenticator passwordless sign-in.

We need to make changes to your phone and as global admin on your tenant.

Microsoft Authenticator setup on your phone.

The first step of enabling this feature for yourself or your users is to access the Microsoft Authenticator app and select your account.

Select the account you want to enable passwordless for.

We need to enable the “Enable phone Sign-in” option under our account.

This image has an empty alt attribute; its file name is image-6.png
Click “Enable Phone Sign-in” under your account.

After clicking “Enable Phone Sign-in” you need to register your device to your company tenant.

This image has an empty alt attribute; its file name is image-7.png
This image has an empty alt attribute; its file name is image-9.png

When you’re done with the registration of your device, passwordless sign-ins has been enabled. Now it is required to enable it from the tenant for your specific account. This feature can also be enabled for a group instead.

This image has an empty alt attribute; its file name is image-11.png

Tenant configuration

We need to access the Azure Active Directory admin portal.

Azure Active Directory Admin Portal.

In the left panel go to “Security > Authentication methods”

Access the authentication methods site.

After you have selected the “Microsoft Authenticator passwordless sign-in”, you can now select enable and add the users you want to be allowed to use this feature.

The user experience.

You will begin to receive a 2 digit number, chosen from a list inside the Authenticator app on your phone. It is required to confirm with either FaceID or Passcode.

This image has an empty alt attribute; its file name is image-14.png

You are able to choose to use the password instead by clicking the link in the bottom of the sign-in page.

Note: This change will make conditional access trusted locations unusable. Otherwise, everyone at that location would just be able to login to your account without using a password.

If you have any questions / feedback or would like to correct me on any of the stuff above, please use the comment section or contact me directly using the blue button in the bottom right corner.

Leave a Comment