This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Based on this: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-passwordless#choose-a-passwordless-method
I am trying to enable all of my users with the Passwordless feature with the existing mobile/cell phones (iPhone and Android), but not with FIDO2 keys since there is no hardware will be provisioned.
I have created the AD Security group 'Hybrid Group—Secure Laptop Users' for all AD user accounts who own laptops with Fingerprint, Bluetooth, and Camera enabled. This group is already hybrid-synched to Entra ID.
Do I just manually enable the Passkey (FIDO2) settings from: https://entra.microsoft.com/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AdminAuthMethods/fromNav/ ?
Managing and enforcing security policies for devices and apps to protect organizational data through Intune
Managing external identities to enable secure access for partners, customers, and other non-employees
A cloud-based identity and access management service for securing user authentication and resource access
An API that connects multiple Microsoft services, enabling data access and automation across platforms
Additional Microsoft Entra services and features related to identity, access, and network security
Are they using Windows for Business and met all the requirements?
Otherwise, enabling passkeys/Fido enables passwordless MFA for hardware keys and their authenticator phones.
You can also enable Phone Sign in for passwordless with the Authenticator app
To sign in on my mobile devices for Teams, OneDrive, and Outlook, I need to enter my User Principal Name (UPN) and password, and then use the Microsoft Authenticator app to input a verification code. Is it possible to use a Passkey or biometric authentication through the phone's camera instead?
So basically, minimize to use the password typing where possible.
@Andy David ,
Yes, the Laptops are equipped and already Hybrid Azure AD Joined.
WHfB is already working but still, the password must be typed on signing in or re-authenticating on MS Apps.