Hi Adalfarus Adalfarus,
Thank you for posting in the Q&A Forums.
Microsoft offers several passwordless authentication methods that integrate with Entra ID and local Active Directory. The main methods include:

Microsoft Authenticator:
For iOS and Android devices that can be converted to strong passwordless credentials.
Users can log in to any platform or browser from their phone without having to enter a password.

FIDO2 Security Key:
For users who log in to a shared computer (such as a booth) or have limited access to their phone.
Provides secure hardware-based authentication and reduces the risk of fraud.

Windows Hello Enterprise:
Designed for users with dedicated Windows computers.
Supports multiple authentication methods such as biometrics (e.g., fingerprint or facial recognition) and PIN codes.

Platform Credential for macOS:
A new feature on macOS that uses the Microsoft Enterprise Single Sign-On Extension (SSOe) to enable passwordless sign-on.

Second, set up passwordless authentication for Windows devices

Enable Windows Hello Enterprise:
Ensure that the Windows 10 version is at least 1703 and update to the recommended version (e.g. 1903 or higher).
Configure Windows Hello Enterprise Edition policies in Active Directory, including enrollment and unlock policies.
Deploy the necessary certificate and key management infrastructure.

Integrate Entra ID:
If Entra ID supports Windows Hello Enterprise or other passwordless methods, follow Microsoft's guidelines for integration.
This may involve configuring synchronization rules in Azure AD Connect to ensure synchronization of user identities between the local AD and Azure AD.

Third, set up passwordless authentication for macOS devices

Enable Platform Credential for macOS:
Ensure that the Mac operating system is at least macOS 13 Ventura (macOS 14 Sonoma is recommended).
Register the device with MDM and configure the SSO extension payload to support Platform Credential.
Enable Platform Credential as a passkey and configure it in supported browsers such as Safari and Chrome.

Integrate Entra ID:
If Entra ID supports Platform Credential, follow Microsoft's guidelines for integration.
This may involve configuring the relevant policies in Azure AD and ensuring that the Mac device is registered to Azure AD.
Best regards
NeuviJ
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
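
A readiness check for the Windows prerequisites listed in the answer above, added here as an example (it is not code from the answer or from Microsoft). It parses `dsregcmd /status` output and compares the OS build with 1703 (build 15063) and 1903 (build 18362); the sample output is constructed, the function names are hypothetical, and treating a missing Primary Refresh Token as a gap is an assumption of this example.

```python
import re

# Windows 10 release -> OS build number (1703 = 15063, 1903 = 18362).
MIN_BUILD = 15063          # version 1703, the minimum named in the answer
RECOMMENDED_BUILD = 18362  # version 1903, the recommended baseline

# Constructed sample of `dsregcmd /status` output (trimmed, not from a real host).
SAMPLE_STATUS = """
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : YES
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
                    NgcSet : NO
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : YES
"""

def parse_dsregcmd(text):
    """Return {field: value} for every 'Name : Value' line in the output."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9]+)\s*:\s*(.*?)\s*$", line)
        if m:  # box-drawing and section-title lines do not match
            fields[m.group(1)] = m.group(2)
    return fields

def readiness(status_text, os_build):
    """List the prerequisite gaps; an empty list means nothing is missing."""
    f = parse_dsregcmd(status_text)
    yes = lambda key: f.get(key, "").upper() == "YES"
    gaps = []
    if os_build < MIN_BUILD:
        gaps.append("OS older than Windows 10 1703")
    elif os_build < RECOMMENDED_BUILD:
        gaps.append("OS below recommended 1903")
    if not yes("AzureAdJoined"):
        gaps.append("device not joined to Entra ID")
    if yes("AzureAdJoined") and not yes("AzureAdPrt"):
        gaps.append("no Primary Refresh Token for the signed-in user")
    if not yes("NgcSet"):
        gaps.append("no Windows Hello credential enrolled for this user")
    return gaps
```

On a real device, pass the text printed by `dsregcmd /status` and the machine's OS build number instead of the constructed sample.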