The first day of Ignite was a big one for Microsoft, customers and partners! One of the most exciting announcements was the Public Preview of Passwordless Sign-In using the Authenticator application. I decided, why not set this up in our test tenant as I HATE passwords!

Per Microsoft:

The Microsoft Authenticator app can be used to sign in to any Azure AD account without using a password. Similar to the technology of Windows Hello for Business, the Microsoft Authenticator uses key-based authentication to enable a user credential that is tied to a device and uses a biometric or PIN.

From <https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-phone-sign-in>

As of right now for the public preview, enabling is done through PowerShell. One could surmise this will soon be a checkbox in the portal.

First, we installed the AzureADPreview v2 PowerShell module and connected to Azure AD (Connect-AzureAD), then ran the following:

New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition ‘{“AuthenticatorAppSignInPolicy”:{“Enabled”:true}}’ -isOrganizationDefault $true -DisplayName AuthenticatorAppSignIn

Which returned the parameter set to True.

Next we opened up our Authenticator app and chose to enable Phone sign-in

Then we made sure our device was registered

Sign-in enabled!

Note the new phone/key icon

Now let’s simply hit myapps.microsoft.com

Note, NO PASSWORD PROMPT!

And we’re in!

Enjoy your passwordless future!