Two weeks ago, at Microsoft Ignite in Orlando, Microsoft announced the public preview of Password-less phone sign-in. We enabled this feature right after the session in our company tenant, and we have all been super excited about this cool way of signing in. One big step closer to a more secure and password less world.
This blog post will explain how to configure password-less phone sign-in and how to enable this feature for your users. Please note that this is still a pre-release feature.
Prepare the Tenant
First we need to install the latest version the of Azure Active Directory V2 Preview PowerShell Module. This can be done by running the following PowerShell command:
go to these guys Install-Module -Name AzureADPreview
Please note that the AzureAD Preview Module might need to be updated, if your already have an older version installed.
When the Azure AD Preview Module is up to date, you can connect to your Azure AD, with the following command.
If you are connecting to a customer tenant and want to enable this with your own B2B account, you need to specify the TenantId and you must be either Security Administrator or Global Administrator.
Learn More Connect-AzureAD -TenantId ronnipedersen.onmicrosoft.com
When connected to the tenant you need to configure, you just need to run the following command:
That’s it… You have now enabled phone sign-in for all users in the Tenant.
Enable phone sign-in for users
For the public preview, there is no way (that I know of) to enforce users to create or use this new credential.
End users will only encounter password-less sign-in once the user has updated their Microsoft Authenticator App to enable phone sign-in.
Check This Out Important: This capability has been in the app since March of 2017, so there is a possibility that when the policy is enabled for a tenant, users may encounter this flow immediately. Be aware and prepare your users for this change.
- Enroll Azure Multi-Factor Authentication.
- User the latest version of Microsoft Authenticator for iOS 8.0 or Android.
More information on how to get started with the Microsoft Authenticator app:
When the Microsoft Authenticator App is configured and working as expected, users must perform the following steps to enable Password-Less Phone sign-in:
Go to the Accounts screen of the app, select the drop-down arrow for your work or school account, and then select http://havanatranquility.com/daeso/3443 Enable phone sign-in.
One of the prerequisites, is that the device is registered within the Azure AD tenant, to an individual user. Due to device registration restrictions, a device can only be registered in a single tenant. Basically, this means that only one work or school account in the Microsoft Authenticator app can be enabled for phone sign-in.
Click tchat rencontre ado Continue to register the device.
You will get prompted to sign-in…
And then you will get prompted to register the device.
When the device registration process is complete, you are ready to sign-in without using a password.
End User Experience
To test this just sign in to your work or school account, as normal (If required use a private browser).
Type your username and click je fais des rencontres sur internet Next.
You should then see a page with a two-digit number, asking you to approve the sign-in through the Microsoft Authenticator app. If you don’t want to use this sign in method, you can always select “ visit this site Use your password instead”.
In the Microsoft Authentication app, you’ll get a notification asking you to Approve sign-in.
Tap the same number you see on the Approve sign-in screen. Use your phone’s PIN or your biometric key to complete the authentication.
That’s it… You are now one step closer to a more secure and password-less world!
If you want to learn more about Getting to world without password, you can see the full session from Microsoft Ignite 2018 right here:
site rencontre amis canada Download the Slide Deck: