
Passwordless with the Microsoft Authenticator and map

In the previous post I wrote about the passwordless variant with a security key and its deployment. In this post I want to explain the passwordless scenario with the Microsoft Authenticator and the location map display.

Passwordless login with the Microsoft Authenticator is a very practical way to log in easily and without additional hardware. It also raises security to a new level, because most attacks happen because of intercepted passwords. In addition, passwords are often lost and thus generate additional work in many places. The additional map display gives the user one more factor for judging whether a login is legitimate. It also makes the plain push notification more secure.

Here you can find Microsoft's post on "number matching" and the map: New Microsoft Authenticator security features are now available! - Microsoft Tech Community


Demo Video - User Experience

Passwordless with Microsoft Authenticator and map

Requirements Azure AD

First we have to make sure that the authentication method "Microsoft Authenticator" is active in Azure AD. We do this under Azure AD > Security > Authentication methods.

Under "Target" we can choose whether the option is available for all users or only a selected group. We open the configuration via the three-dot menu:

In the options menu we have the following settings:

Setting: Authentication method
Options:
- Any
- Passwordless (enter a number)
- Push (push after password entry)

Setting: Require number matching
Options: Enabled / Disabled
The user does not just approve a push, but must also select a number for confirmation.

Setting: Show additional context
Options: Enabled / Disabled
The map with the login location is displayed.

I choose the following options here to give the user the freedom to use passwordless or not.
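The three settings above can also be checked outside the portal. The following is an added example, not part of the original post: a small Python audit of an exported Microsoft Authenticator policy. The JSON is constructed, and its field names are assumed to follow the Microsoft Graph `microsoftAuthenticatorAuthenticationMethodConfiguration` resource, with `deviceBasedPush` assumed to correspond to the portal's "Passwordless" mode.

```python
import json

# Constructed sample policy (not real tenant data). Field names are assumed to
# match the Microsoft Graph microsoftAuthenticatorAuthenticationMethodConfiguration
# resource; verify them against the current Graph documentation before use.
SAMPLE_POLICY = json.loads("""
{
  "id": "MicrosoftAuthenticator",
  "state": "enabled",
  "includeTargets": [
    {"targetType": "group", "id": "all_users", "authenticationMode": "any"}
  ],
  "featureSettings": {
    "numberMatchingRequiredState": {"state": "disabled"},
    "displayLocationInformationRequiredState": {"state": "enabled"}
  }
}
""")

# Portal label for each feature switch described in the post.
FEATURES = {
    "numberMatchingRequiredState": "Require number matching",
    "displayLocationInformationRequiredState": "Show additional context (map)",
}

def audit_authenticator_policy(policy):
    """Return a list of findings; an empty list means the policy matches the post."""
    findings = []
    if policy.get("state") != "enabled":
        findings.append("Microsoft Authenticator method is not enabled")
    targets = policy.get("includeTargets", [])
    if not targets:
        findings.append("No users or groups are targeted")
    for target in targets:
        # Assumed modes: any | deviceBasedPush (passwordless) | push (after password)
        if target.get("authenticationMode", "any") == "push":
            findings.append(f"Target {target.get('id')}: push only, passwordless unavailable")
    features = policy.get("featureSettings", {})
    for key, label in FEATURES.items():
        # A missing entry is treated as "default" (left to the service default).
        state = features.get(key, {}).get("state", "default")
        if state != "enabled":
            findings.append(f"{label} is '{state}', expected 'enabled'")
    return findings

if __name__ == "__main__":
    for finding in audit_authenticator_policy(SAMPLE_POLICY):
        print("FINDING:", finding)
```
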

Settings User - Microsoft Authenticator

If the end user has already set up the Microsoft Authenticator and the option “Any” has been selected for the “Authentication Method”, the user has to activate the passwordless login once. To do this, he can activate the option “Enable phone sign-in” in the relevant account. If the smartphone is not yet registered, it will be registered in this step.

Passwordless login as a user

The user navigates to portal.office.com, SharePoint, or another entry page as usual. There he enters his user name and presses "Next".

In the next step, the end user is presented with a number. At the same time he receives a pop-up from the authenticator on his smartphone, in which he has to enter the corresponding number.
The additional map section helps the user to attribute the login. This also applies if the login is carried out via push rather than passwordless.

The user is then logged in and will be redirected to the desired page.

Summary

With the Microsoft Authenticator, a passwordless scenario can be implemented very well and comfortably, and the map also provides a good clue as to where the login is coming from. The map feature raises the user's awareness and draws his attention to a possible attack from outside.

The complete functionality is activated very quickly and the user does not have to make any major configurations in order to use the features. Even if the passwordless login is out of the question, the map offers great added value.
