Hey guys, in my last post I talked about recovering access/resetting password. So today I will talk about the Azure Authentication Methods which includes a feature to go passwordless.
This feature will bring you greater security, after all passwords are the biggest causes of frauds, ransomwares and hacking nowadays. It will also help reduce the number of password reset tickets and help with the process of creating new user accounts.
The idea of this post will be to explain some concepts/methods and demonstrate how to enable this feature (If you already have MFA, the process will become even easier to be adopted).
Let’s get started: Go to Azure portal go to Security > Authentication Methods
As you can see above, there are 4 different methods and here below is the explanation of each one of them.
FIDO2 Security Key: Among other words, it is based on a USB device that may or may not have Bluetooth, NFC or fingerprint recognition. The vast majority of current devices use standard authentication (WebAuthn) and Microsoft has a list of supported devices. This option will allow the user to authenticate when inserting the device plus their fingerprint or with NFC/Bluetooth approach.
Microsoft Authenticator App: Well known in the market, with this app you can approve your access through a PIN or the insertion of your fingerprint.
Text Message : This method will ask you, instead of entering your username and password, enter your phone number (which must be registered before) and then it will send you an access code.
Temporary Access Pass:
This feature will help band new employee who dont have a password or MFA that is where the new Temporary Access Pass comes in. Basically, when creating a new user’s account, the administrator will be able to provide the TAP (Temporary Access Pass) to the new user. This Temporary Access Pass is a time-limited passcode that the user can apply to register their passwordless sign-in method among the methods enabled for that organization.
That said, let’s configure the passwordless option for a specific user, the option chosen for this scenario will be Microsoft Authenticator App.
Simple, easy and intuitive, save your changes and let’s go to the tests.
Go to the Azure portal, enter your username and click next
You will receive a message as shown below.
Go to the Microsoft Authenticator App and enter the requested number.
And then confirm using your fingerprint (If it’s enabled)
There we go, we’re in passwordless:
That’s all for today guys, see you in the next post.