Share via

Passwordless MFA Authentication

Reem Jalal Eddine 0 Reputation points
2024-05-10T15:16:22.6133333+00:00

Hi,

We are in the process to enforce users to setup their MFA (Most probably many already have it) but we need to use the preferred method wich is passwordless in Conditional Access. So I am testing on couple of accounts, yet am having issues and few questions.

Steps taken so far:

In MFA registration policy allow push notifications for users

Remove Email OTP and keep SMS + Auth App

Microsoft Authenticator is set to ANY

then apply the conditional MFA requirement which requires users to use passwordless authentication when they are outside the organization.

I did a re-register MFA and as well revoke for the user I am testing. The user is capable for passwordless authentication, yet when the user sign in it requires the user to use 2fa and not passwordless although in conditional access it is mentioned to user passwordless. I did check if there is an overriden policies but could not find any.

My other question if I need users to all download MA app and configure their passwordless without interrupting there work but with a deadline withint 14 days before we enable passwordless. What is the best practice is it through registration campaign and choose system preferred as Enabled instead of Microsoft or this will create noise for IT support team?

Thank you.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,948 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Akhilesh 5,640 Reputation points Microsoft Vendor
    2024-05-14T15:33:50.01+00:00

    Hi @Reem Jalal Eddine

    Thank you for your post!

    Could you please check the below
    The user is signing in from a location that is not covered by the Conditional Access policy. Make sure that the policy is configured to apply to all locations where the user might sign in from.

    Also, verify that you have Enable combined registration in Azure AD
    for more information can you please refer the below article
    How to Set Up Passwordless Sign-in Using the Microsoft Authenticator App
    if the issue is persist, please check sign-in logs for the user to see if any insights can be noticed. The logs might indicate which policy is being applied and why the passwordless method is not triggering.

    Do let us know if you any further queries.

    Thanks,

    Akhilesh

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.