As the identity management platform used by Microsoft 365, Azure Active Directory (AD) is used to control and manage user access to Microsoft 365 services and apps. When passwordless sign-in is enabled in Azure AD, instead of entering a password users can confirm their identity using the Microsoft Authenticator app, a FIDO2 security key, or by SMS message.
In this article, I will show you how to let users securely log in to Microsoft 365 using the Microsoft Authenticator app instead of a password.
Around 80 percent of successful attacks originate from compromised passwords. IT departments spend a lot of time managing passwords and recovering from security incidents where password exposure was the root cause. Multifactor authentication (MFA) is very effective at protecting passwords but it has a low adoption rate.
Microsoft is championing passwordless sign-in because it is more convenient for users and it provides a higher level of security than passwords. For additional information on passwordless sign-in and why passwords are a security risk, check out Understanding Windows 10 and Microsoft 365 Passwordless Sign-In on Petri.
The first requirement for passwordless sign-in in Microsoft 365 is that the ‘combined registration’ experience must be enabled in Azure AD. Combined registration brings together the registration experience for Azure MFA and self-service password reset. Beginning August 15th 2020, all new Azure AD tenants are automatically opted in for combined registration.
If you have an Azure AD tenant that was provisioned before August 15th 2020, you’ll need to enable combined registration manually.
You can enable combined registration by logging in to Azure AD using a global administrator account.
Optionally, you can click Selected and then pick a group of users instead of enabling combined registration for all users in the directory.
Users must register the Microsoft Authenticator app as an authentication method before they can use passwordless sign-in. If users have already registered Microsoft Authenticator for use with multifactor authentication, they won’t need to reregister the app for use with passwordless sign-in.
You can enable multifactor authentication for users, either individually or in bulk, in the Microsoft 365 admin portal. For detailed instructions on how to set up multifactor authentication, see Enable Multi-Factor Authentication for Office 365 Users on Petri. Regardless of whether users are set up for passwordless sign-in, multifactor authentication should still be enabled and enforced to protect passwords.
If users need to add Microsoft Authenticator as an authentication method, they can do it on the My Sign-ins page. Users will need to click Security info in the list of options on the left, click + Add method on the Security info screen, and then follow the on-screen instructions. Users can also choose ‘Microsoft Authenticator – notification’ as the default sign-in method.
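Before enabling passwordless sign-in for a group, it helps to know which members have not yet registered Microsoft Authenticator. The following readiness report is an added example, not part of the original article; it assumes the Microsoft Graph PowerShell SDK is installed and uses a placeholder group name, `Passwordless-Pilot`.

```powershell
# Added example: read-only report of Microsoft Authenticator registration for a pilot group.
# Requires the Microsoft.Graph PowerShell SDK and an account allowed to read authentication methods.
Connect-MgGraph -Scopes 'GroupMember.Read.All', 'User.Read.All', 'UserAuthenticationMethod.Read.All'

# Assumption: placeholder name for the group you plan to target with passwordless sign-in.
$groupName = 'Passwordless-Pilot'
$group = @(Get-MgGroup -Filter "displayName eq '$groupName'")
if ($group.Count -ne 1) { throw "Expected exactly one group named '$groupName', found $($group.Count)." }

# Graph type name for a registered Microsoft Authenticator app.
$authenticatorType = '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod'

$report = foreach ($member in Get-MgGroupMember -GroupId $group[0].Id -All) {
    # Skip nested groups, devices and service principals; only users register methods.
    if ($member.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }

    $methods = @(Get-MgUserAuthenticationMethod -UserId $member.Id)
    $apps = @($methods | Where-Object {
        $_.AdditionalProperties['@odata.type'] -eq $authenticatorType
    })

    [pscustomobject]@{
        UserPrincipalName       = $member.AdditionalProperties['userPrincipalName']
        AuthenticatorRegistered = $apps.Count -gt 0
        AuthenticatorDevices    = ($apps | ForEach-Object { $_.AdditionalProperties['displayName'] }) -join '; '
        RegisteredMethodCount   = $methods.Count
    }
}

# Users without the app listed first, so they can be asked to register on the My Sign-ins page.
$report | Sort-Object AuthenticatorRegistered, UserPrincipalName | Format-Table -AutoSize

$missing = @($report | Where-Object { -not $_.AuthenticatorRegistered })
'{0} of {1} users in {2} still need to add Microsoft Authenticator.' -f $missing.Count, @($report).Count, $groupName
```

The script only reads directory data; it does not change any user's registered methods or the tenant's authentication policy.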
Now that all the prerequisites are in place, you can enable passwordless sign-in for users in your Azure AD tenant.
Alternatively, you can set TARGET to Select users and enable passwordless sign-in for a group instead of all users in the directory.
Once your Azure AD tenant is set up for passwordless sign-in, users must set up the feature using the Microsoft Authenticator app. It’s worth noting that passwordless sign-in via the Microsoft Authenticator app can only be configured for one account at a time on a device.
Passwordless sign-in should now be enabled for the account. You can click the account again in the list of accounts to check that ‘Passwordless enabled’ is displayed on the account screen.
Finally, let’s see whether passwordless sign-in works for the account you configured above.
If you have recently signed in with the account, you may not need to enter the username again. In this case, you can click Send notification in the dialog or click Sign in with another account to change the account that you will use to sign in.
Initially, it might seem daunting to configure passwordless sign-in. But once you understand where all the configuration ‘bits’ are in Azure AD and the Microsoft Authenticator app, it’s easy to manage. Plus, passwordless sign-in provides a better experience for users than passwords, at least once they’ve gone through the initial setup process.
Editorial Director at Petri IT Knowledgebase. Russell has more than 20 years’ experience working in IT. From small business to large government IT infrastructure projects. Russell started his writing career for Windows IT Pro magazine in the early…