Last Updated on September 30, 2018 by Dishan M. Francis
From early days of computing “password” is used to protect access to services or data. Passwords are breakable so people start using multi-factor authentication to add extra security to authentication process. With multifactor authentication we have to provide additional PIN or secret. However, it still not eliminates the password fact. The modern identity attacks are getting more and more sophisticated. So, we need to think about all possibilities of a breach.
Microsoft Azure AD is now ready to provide password-less authentication experience to Azure AD connected apps using Microsoft Authenticator mobile app. with authenticator app we can replace password with fingerprint, face recognition, or PIN. This is still in public preview but it is not too soon to try it out. In this demo I am going to demonstrate how to enable password-less authentication with Azure AD.
1. As first step we need to enable public preview for password less authentication. To do that first install the public preview release of the Azure Active Directory V2 PowerShell Module using https://www.powershellgallery.com/packages/AzureADPreview/2.0.0.114
2. Then type Connect-AzureAD
and login with global admin account.
3. Once successfully authenticated, run New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}' -isOrganizationDefault $true -DisplayName AuthenticatorAppSignIn
4. As next step I need to enable MFA for the Azure AD user that I am going to test. To do that, log in to https://portal.azure.com as Global Administrator.
5. Then go to Azure Active Directory | Users
[Read more…] about Step-by-Step Guide to Azure AD Password-less Authentication (public-preview)