Enable Password-less Sign in Azure AD

You can now sign in to your Azure AD account without using a password. With the Authenticator app, you approve the sign-in by selecting the correct number, which is displayed on the login screen. This must first be enabled at the tenant level. To do this, follow the steps below:

The first step is to install the Azure AD Preview module using PowerShell

Install-Module -Name AzureADPreview

Connect to Azure AD with your security administrator or global administrator credentials

Connect-AzureAD

Now enable passwordless sign in for your tenant

New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}' -IsOrganizationDefault $true -DisplayName AuthenticatorAppSignIn
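To confirm the setting took effect, the following added example (not part of the original post) lists the tenant's policies of this type, creates the policy only when none exists, and reports whether an enabled organization-default policy is present. It assumes Connect-AzureAD has already been run in the session; the variable names are illustrative.

```powershell
# Added example: audit the tenant policy, creating it only if it is missing.
# Assumes an authenticated session from Connect-AzureAD (AzureADPreview module).
$policyType = 'AuthenticatorAppSignInPolicy'
$definition = '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}'

# Get-AzureADPolicy returns every policy object; keep only the type we manage.
$existing = @(Get-AzureADPolicy | Where-Object { $_.Type -eq $policyType })

if ($existing.Count -eq 0) {
    # Nothing configured yet: create the policy exactly as in the step above.
    New-AzureADPolicy -Type $policyType -Definition $definition `
        -IsOrganizationDefault $true -DisplayName 'AuthenticatorAppSignIn' | Out-Null
    $existing = @(Get-AzureADPolicy | Where-Object { $_.Type -eq $policyType })
}

# Parse each stored definition instead of trusting the display name.
$report = foreach ($p in $existing) {
    $enabled = $null
    try {
        $parsed  = $p.Definition[0] | ConvertFrom-Json -ErrorAction Stop
        $enabled = $parsed.AuthenticatorAppSignInPolicy.Enabled
    } catch {
        # A definition that does not parse as JSON cannot be evaluated.
        Write-Warning "Policy $($p.Id) has a definition that is not valid JSON."
    }
    [pscustomobject]@{
        Id                    = $p.Id
        DisplayName           = $p.DisplayName
        IsOrganizationDefault = $p.IsOrganizationDefault
        Enabled               = $enabled
    }
}

$report | Format-Table -AutoSize

# Flag the case where policies exist but none is both enabled and tenant-wide.
$effective = @($report | Where-Object { $_.Enabled -eq $true -and $_.IsOrganizationDefault })
if ($effective.Count -eq 0) {
    Write-Warning "No enabled organization-default $policyType was found."
} elseif ($existing.Count -gt 1) {
    Write-Warning "More than one $policyType exists; review the duplicates."
}
```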

Now that you have successfully enabled this at the tenant level, end users need to ensure the following is in place to start taking advantage of passwordless sign-in.

  • User must be registered for MFA
  • User must have the latest version of Authenticator installed on their mobile device

Now the user can enable phone sign-in for their work or school account in the Authenticator app, which will allow them to start signing in to their Azure AD account without a password. To enable phone sign-in, use the following link: https://docs.microsoft.com/en-us/azure/active-directory/user-help/microsoft-authenticator-app-phone-signin-faq

End User Experience

[Screenshot: Azure login screen]
[Screenshot: iOS Authenticator app]