Can users login to Azure AD-joined Windows 10/11 Pro with Microsoft Authenticator?

Question

We enabled passwordless in our Azure AD tenant and it works well for web-related sign-ins like Office 365. However, users can't login to their Windows 10 or 11 Pro computers using passwordless, such as by using the Microsoft Authenticator app. We join our computers to our Azure AD environment. They either need their password or Windows Hello for Business. How can they login to Windows 10 or 11 Pro using their Azure AD passwordless feature in the Microsoft Authenticator app on their phones?

Answer 1

Hi @alippiatt ,

Thanks for your post and apologies for the delayed response! During the Azure AD Join setup, users can authenticate with a TAP (no password required) and set up Windows Hello for Business.

On already Azure AD Joined devices, users must first authenticate with another method such as a password, smartcard or FIDO2 key, before using TAP to set up Windows Hello for Business.

This is documented here:
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-temporary-access-pass#windows-device-setup

-

If the answer provided was helpful to you, please remember to "mark as answer" so that others in the community with similar questions can more easily find a solution.

Answer 2

@Marilee Turscak-MSFT

Could you please share the complete information how to setup authenticator app to sign in into Windows 10/11 ?