5 min readPasswordless authentication with Microsoft Authenticator App

Microsoft offers a Password-less Authentication option to make users
convenient. Using this feature users can logon to the Azure AD account
without using a Password.

You can enable this Password-less Authentication method using the below
options:

• Windows Hello for Business
• Microsoft Authenticator app
• FIDO2 security keys

Here we are going to delve into Password-less Authentication using
Microsoft Authenticator app.

Prerequisites:

• Azure MFA, with push notifications allowed as a verification method
• Install the Microsoft Authenticator app on mobile (The latest
  
  version of the Microsoft Authentication App installed on IOS 8.0 or
  
  greater/Android 6.0 or greater)

Microsoft Authenticator app:

Using the Microsoft Authenticator app, users can log into any Azure AD
account without using a password.

After users log in to Azure AD account with their username, rather than
giving their password, they can tap the number in their app, which is
displayed on their login screen (ex.89). User needs to match the exact
number in their mobile app and then click approve to open the Azure AD
account. This happens only the user enables a phone sign-in.

How to Enable Password-less sign-in:

Follow the below steps to enable Password-less sign-in

• Enable MFA for user
• Install Microsoft Authenticator app
• Enable Password-less sign-in authentication method
• User registration and management of the Microsoft Authenticator app

Enable MFA for user:

The first step is to enable an MFA for user, you can enable MFA from
Microsoft Azure portal → Azure Active Directory → Users → Multi-factor
Authentication

Now select a user and Enable MFA

Enable Password-less sign-in authentication method:

To enable Password-less phone sign-in, follow the steps given below:

1. Sign-in to the Azure portal
2. Go to Azure Active Directory → Security → Authentication methods →
   
   Authenticated method policy
3. Click Microsoft Authenticator Password-less sign-in → Select Enable
   
   to Yes → Target—All users/selected users.
4. Click Save.

User registration and management of Microsoft Authenticator app:

1. 
   

   Sign-in into a User account with MFA

   
   

   

   
   
2. 
   

   And Go to
   
   https://aka.ms/mysecurityinfo →
   
   Security info → Add method → Select Authenticator app

   
   

   

   
   
3. 
   

   After the above walk, it shows the QR code,

   
   

   

   
   

   Now let’s hop into mobile app to scan this QR code by clicking ADD
   
   ACCOUNT in mobile app and click next

   
   

   

   
   

    Once the scanning is completed you need to approve the request, now
   

   
   

   the account gets added in your app.

   
   
4. 
   

   Now select Enable phone sign-in and click continue to link the
   
   account.

   
   
   
   
   • Then sign in with username and password
   
   
   • It asks to type the code which is sent to your mobile.
   
   
   
   

   

   
   

   That’s it now we enabled phone sign-in successfully.

   
   

   

   
   

   User Experience:

   
   

   Now be ready to watch the user activity, how the user is getting
   
   logged into the portal without giving their password.

   
   

   Now Joni Sherman is going to move into their portal

   
   

   

   
   

   After entering the Username, it shows a number to tap in mobile app

   
   

   Tap the number in the Authenticator app and then click Approve.

   
   

   

   
   

   Now you logged into Azure AD successfully.