Azure AD Passwordless

Azure AD Passwordless

Authentification without password

The mutli-factor authentification or MFA permit to secure the access to the company’s cloud resources. With the functionnality of passwordless in Azure AD, the password is removed, the user can access to the cloud ressources without password. However, they must authenticate themselves from their phone (Microsoft Authenticator app) or Windows 10 computer (FIDO2 security keys).

Prerequities

You need use Azure Multi-Factor Authentication with notification method. The Microsoft Authentificator application must be installed on IOS 8.0 and later version or Android 6 and later version.

Enable authentication methods without a password by phone

From the Azure portal, click on Azure AD.

Access to Azure AD portal

Click on User Settings.

Configure user settings

On the central panel, click on Manage user feature preview setting.

Access to manage user feature

Enable Users can use preview features for registering and managing security info parameter for the desired user. Click on Save for save modification.

Enable parameter for passwordless

Enable Passordless

On Azure AD portal, click on Security.

Go to Security for passwordless

Click on Authentification methods and on Authentification method policy. Click on Microsoft Authentificator passwordless sign-in.

Open authentification rule

Click on Enable and select the desired target (All users or Select users). Click on Save for save modification.

Activate passwordless Configure policy

The modification is well taken.

Modification is OK for passwordless

Configure Microsoft Authentificator Application

From the Depuis le navigateur browser, access the URL https://aka.ms/mysecurityinfo. Enter username and click on Next.

Connect to the URL aka.ms/mysecurityinfo

On the Security info tab, click on Add method.

Add method for passwordless

Select Authentificator app and click on Add.

Choose method authentification

On the smartphone, download Microsoft Authentificator application on the ios or android smartphone and click on Next.

download app authentificator

On the smartphone, open Microsoft Authentificator application and click on Add an account.

Add an account on passwordless

Select Professional or school account.

Select professional or school account for passwordless authentification

From Azure portal, click on Next to display the QR Code.

Scan the QR Code

An approval is sent at the phone, press Approve.

Approval has send

approve account for passwordless

After approval, click Next to finalize the add operation.

Approval is OK

The authentification method is present on the web portal. Click on Change for change the authentification method.

Authentification method for Azure AD Passwordless

Select Microsoft Authentificator – notification and click on Confirm.

Choose the desired method

Authentification method is now been configured.

Authentification method configured

Configure smartphone

From Microsoft Authentificator Application, press on drop-down Arrow.

Acces to option for azure ad paswordless

Select Enable connexion by phone option.

Enable connexion by phone

A new wizard appear, click on Continue.

New wizard appear for configure azure ad passworless

Enter username and password of the user and click on Connect.

Connect with the desired user for Azure AD Passwordless

Click on button for record the phone.

Record the phone for azure passwordless

The phone has been recorded.

Phone has been recorded for azure ad passwordless

Authentification with passwordless

From the mobile device, access to myapps.microsoft.com and enter username and password. Click on Next for proceed at the connexion.

Access to myapps.microsoft.com for login with azure ad ccount

You need approove the connexion, a number is present on Windows. The same number has present on Microsoft Authentificator application. Press the number on Microsoft Authentificator application.

Number has present on the console  azure ad

Number has present on application

Connexion has been approved.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.