Prepare an Azure Active Directory passwordless authentication setup.

Ganesh Chauhan, Technical Support Specialist, Microsoft Azure

Multifactor authentication (MFA) is a terrific approach to safeguard your company, but consumers often complain about the extra security layer on top of having to remember their passwords. Passwordless authentication solutions are more convenient because the password is removed and replaced with something you have in addition to something you are or know.

Authentication Something you have Something you are or know
Passwordless Windows 10 Device, phone, or security key Biometric or PIN

 

Passwords are the most common attack vector. To compromise passwords, bad actors use social engineering, phishing, and spray attacks. A passwordless authentication technique reduces the likelihood of these attacks.

When it comes to authentication, each company has various requirements. Microsoft Global Azure and Azure Government provide the three passwordless authentication alternatives listed below, all of which link with Azure Active Directory (Azure AD):

Microsoft provides three passwordless authentication alternatives that work with Azure Active Directory (Azure AD):

  • Microsoft Authenticator enables users to sign into any platform or browser using any iOS or Android phone as a robust, passwordless credential.
  • Security keys that are FIDO2-compliant – beneficial for users who sign in to shared machines like kiosks, in scenarios where phone use is limited, and for highly privileged identities.
  • Windows Hello for Business is best suited to users who have dedicated Windows computers.

Use the passwordless methods wizard

The Azure portal now includes a passwordless methods wizard to assist you in selecting the best approach for each of your audiences. If you haven’t already decided on the suitable ways, go to https://aka.ms/passwordlesswizard before returning to this post to continue planning for your chosen methods. To use this wizard, you must be an administrator.

Scenarios of passwordless authentication

Microsoft’s passwordless authentication mechanisms support a wide range of scenarios. To choose your passwordless authentication strategy, consider your organization’s needs, qualifications, and capabilities of each authentication technique.

The passwordless authentication methods are shown in the table below by device type. Our suggestions are highlighted.

 

Device types Passwordless authentication method
Dedicated non-windows devices ·         Microsoft Authenticator
·         Security keys
Dedicated Windows 10 computers (version 1703 and later) ·         Windows Hello for Business
·         Security keys
Dedicated Windows 10 computers (before version 1703) ·         Windows Hello for Business
·         Microsoft Authenticator app
Shared devices: tablets, and mobile devices ·         Microsoft Authenticator
·         One-time password sign-in
Kiosks (Legacy) Microsoft Authenticator
Kiosks and shared computers ‎(Windows 10) ·         Security keys
·         Microsoft Authenticator app

Professional Labs is the best cloud managed service provider in Qatar; for more information, please contact us
Contact Us | Professional labs (prolabsit.com)