Tag Archives: Azure AD

Password-less Azure AD sign-in

You can now use the Microsoft Authenticator app on your mobile phone, to sign in to any Azure AD account without entering a password. If you enable this feature in your tenant, persons who has enabled phone sign-in in the Microsoft Authenticator app will now see a message telling them to tap a number in their app when they are logging into Azure AD.

You might already know this feature from Windows Hello for Business, where the Microsoft Authenticator uses key-based authentication to enable a user credential that is tied to a device and uses a biometric or PIN.

Prerequisites:

  • Azure Active Directory
  • End users enabled for Azure Multi-Factor Authentication
  • Users can register their devices

How to enable it:

  • Install the public preview release of the Azure Active Directory V2 PowerShell Module
    • Install-Module -Name AzureADPreview -RequiredVersion 2.0.1.18
  • In PowerShell, run two commands:
    • Connect-AzureAD
    • New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition ‘{“AuthenticatorAppSignInPolicy”:{“Enabled”:true}}’ -isOrganizationDefault $true -DisplayName AuthenticatorAppSignIn

Run the command Get-AzureADPolicy to see if it is active in your tenant

password-less login