Enable Office 365/Azure Password-less Sign In

By |2019-02-06T15:49:49+00:00February 6th, 2019|Azure, Cloud, Office 365, PowerShell, Windows|0 Comments

Users can now authenticate to Azure AD without a password via the Microsoft Authenticator App. The technology has been available for personal Microsoft accounts for around a year and has finally made its way to the corporate world.

Before users can start using the feature however an Azure AD change is required to enable the functionality. Currently this must be configured via PowerShell.

As the solution is currently in Preview the AzureADPreview module is needed. This can be a bit fiddly so its best to Uninstall both the AzureAD module and AzureADPreview module (if already installed) first

1. Uninstall-Module -Name AzureAD
2. Uninstall-Module -Name AzureADPreview

Then install the AzureADPreview module (Install-Module -Name AzureADPreview)

Next run the following commands:
1. Connect-AzureAD (The account must either be a Security Administrator or Global Administrator)
2. New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition ‘{“AuthenticatorAppSignInPolicy”:{“Enabled”:true}}’ -isOrganizationDefault $true -DisplayName AuthenticatorAppSignIn

The feature can be deactivated at any time by running:
1. Connect-AzureAD (The account must either be a Security Administrator or Global Administrator)
2. Get-AzureADPolicy
3. Remove-AzureADPolicy -Id *ID*.

Now users will be able to choose the “Enable phone sign-in” option from the authenticator app and start authenticating without a password.

Leave A Comment

like what you see? 

Sign-up to our newsletter and never miss out on the latest blogs, events and tech news from the world of risual
SUBSCRIBE!
Give it a try, you can unsubscribe anytime.