Enabling (Public Preview) Passwordless Phone Sign-In
The first day of Ignite was a big one for Microsoft, customers and partners! One of the most exciting announcements was the Public Preview of Passwordless Sign-In using the Authenticator application. I decided, why not set this up in our test tenant as I HATE passwords!
Per Microsoft:
The Microsoft Authenticator app can be used to sign in to any Azure AD account without using a password. Similar to the technology of Windows Hello for Business, the Microsoft Authenticator uses key-based authentication to enable a user credential that is tied to a device and uses a biometric or PIN.
As of right now for the public preview, enabling is done through PowerShell. One could surmise this will soon be a checkbox in the portal.
First, we installed the AzureADPreview v2 PowerShell module and connected to Azure AD (Connect-AzureAD), then ran the following:
New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}' -IsOrganizationDefault $true -DisplayName AuthenticatorAppSignIn
This returned the parameter set to True.
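The script below is an added example, not part of the original post or Microsoft's documentation. It looks for an existing AuthenticatorAppSignInPolicy before creating one, so repeated runs do not leave duplicate policies in the tenant, and then reports whether the policy is enabled. It assumes the AzureADPreview module is installed and Connect-AzureAD has already been run.

```powershell
# Added example: idempotent enable-and-verify for the policy created above.
# Assumes AzureADPreview is installed and Connect-AzureAD has already run.
Import-Module AzureADPreview

$policyType = 'AuthenticatorAppSignInPolicy'
$definition = '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}'

# Collect any existing policies of this type so a second run does not add a duplicate.
$policies = @(Get-AzureADPolicy | Where-Object { $_.Type -eq $policyType })

if ($policies.Count -eq 0) {
    New-AzureADPolicy -Type $policyType -Definition $definition `
        -IsOrganizationDefault $true -DisplayName AuthenticatorAppSignIn | Out-Null
    $policies = @(Get-AzureADPolicy | Where-Object { $_.Type -eq $policyType })
}

# Definition is returned as a list of JSON strings; parse the first entry
# and report the fields that decide whether phone sign-in is on tenant-wide.
foreach ($policy in $policies) {
    $parsed = $policy.Definition[0] | ConvertFrom-Json
    [pscustomobject]@{
        Id                    = $policy.Id
        DisplayName           = $policy.DisplayName
        IsOrganizationDefault = $policy.IsOrganizationDefault
        Enabled               = $parsed.AuthenticatorAppSignInPolicy.Enabled
    }
}

# Rollback: uncomment to remove the policy and turn the preview feature off again.
# $policies | ForEach-Object { Remove-AzureADPolicy -Id $_.Id }
```

More than one row in the output means the policy was created more than once; keep a single organization-default policy and remove the rest.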
Next we opened up our Authenticator app and chose to enable Phone sign-in.
Then we made sure our device was registered.
Sign-in enabled!
Note the new phone/key icon.
Now let’s simply hit myapps.microsoft.com
Note, NO PASSWORD PROMPT!
And we’re in!
Enjoy your passwordless future!