You can now sign in to your Azure AD account without using a password. With the Authenticator app, you approve the sign-in by selecting the correct number, which is displayed on the login screen. To set this up, you first need to enable it at the tenant level. To do this, follow the steps below:
The first step is to install the Azure AD Preview module using PowerShell:
Install-Module -Name AzureADPreview
Connect to Azure AD with your security administrator or global administrator credentials:
Connect-AzureAD
Now enable passwordless sign-in for your tenant:
New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}' -IsOrganizationDefault $true -DisplayName AuthenticatorAppSignIn
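To check for an existing policy before creating one, and to confirm afterwards that the tenant setting is enabled, the steps above can be wrapped as follows. This is an added example, not part of the original post; it assumes the AzureADPreview module is installed and Connect-AzureAD has already been run, and the variable names are illustrative.

```powershell
# Added example (not from the original post). Assumes the AzureADPreview module
# is installed and Connect-AzureAD has already been run in this session.
$policyType = 'AuthenticatorAppSignInPolicy'
$definition = '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}'

# Collect any policies of this type that already exist in the tenant.
$existing = @(Get-AzureADPolicy | Where-Object { $_.Type -eq $policyType })

if ($existing.Count -eq 0) {
    # Nothing there yet: create it with the same parameters as the step above.
    $existing = @(New-AzureADPolicy -Type $policyType -Definition $definition `
        -IsOrganizationDefault $true -DisplayName 'AuthenticatorAppSignIn')
}

# Report what the tenant holds so the setting can be reviewed or audited.
$report = foreach ($policy in $existing) {
    $enabled = $null
    try {
        # Definition is returned as a list of JSON strings; parse the first one.
        $json    = $policy.Definition | Select-Object -First 1 |
                   ConvertFrom-Json -ErrorAction Stop
        $enabled = $json.AuthenticatorAppSignInPolicy.Enabled
    } catch {
        Write-Warning "Could not parse the definition of policy $($policy.Id)"
    }
    [pscustomobject]@{
        Id                    = $policy.Id
        DisplayName           = $policy.DisplayName
        IsOrganizationDefault = $policy.IsOrganizationDefault
        Enabled               = $enabled
    }
}
$report | Format-Table -AutoSize

# Flag anything that is not both enabled and the organization default.
$report | Where-Object { -not $_.Enabled -or -not $_.IsOrganizationDefault } |
    ForEach-Object { Write-Warning "Policy $($_.Id) is not enabled as the organization default" }
```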
Now that you have successfully enabled this at the tenant level, end users need to ensure the following is in place to start taking advantage of passwordless sign-in:
- User must be registered for MFA
- User must have the latest version of Authenticator installed on their mobile device
Now the user can enable phone sign-in for their work or school account in the Authenticator app, which will allow them to start signing in to their Azure AD account without a password. To enable phone sign-in, use the following link: https://docs.microsoft.com/en-us/azure/active-directory/user-help/microsoft-authenticator-app-phone-signin-faq
End User Experience