Microsoft announced that passwordless authentication is now generally available in Azure AD! This is a major milestone in Microsoft’s strategy to encourage all of their users and organizations to go passwordless. Organizations can now roll out passwordless authentication across their hybrid environments at scale. Users get a familiar, simple-to-use authentication experience that offers industry-best security and works across an increasingly broad set of devices and services.
Authentication methods management
Authentication methods policies form the foundation of our passwordless story. These policies give IT admins more granular control over which authentication methods are used within their organizations. In the portal, you can now also see and delete passwordless methods on the User blade, for example revoking a FIDO2 Security Key registration if the user has lost it.
Figure 1: Authentication methods management in Azure Portal
Figure 2: Merged Microsoft Authenticator policy management configuration
Figure 3: A user’s registered credentials in Azure Portal
Improved user experiences
From the beginning, making the passwordless authentication flow delightful has been Microsoft’s top priority. Microsoft promotes credentials that users use frequently so they have the best user experience across devices. Sign-in will keep prompting for this credential, be it password, Authenticator app or FIDO key, until the user chooses “Other ways to sign-in” to switch. People can choose when to begin using their new passwordless options and avoid having them foisted on them unexpectedly.
Figure 4: A user’s login page to select security key in Microsoft 365
Source: Microsoft Azure Active Directory Identity Blog
Secure your organization now