On September 24, 2022
As the cyber security landscape continues to grow more hostile, IT admins are tasked with finding new ways to strengthen authentication without compromising user experience. To remain ahead of cyber criminals, passwordless authentication is becoming an increasingly popular option for streamlining employee access while also keeping your organization safe. With passwordless authentication, users can sign into services with a single tap or other quick action instead of a password.
When it comes to protecting your company’s sensitive data, modern solutions are often more secure than traditional ones like passwords. Whether you have 500 employees or 50,000, this article covers why and how you should switch to passwordless authentication in Microsoft 365.
What is Passwordless Authentication?
Passwordless authentication is an easy and secure way to access your business applications and data without having to remember a password. It allows users to sign in with just one tap or another quick action instead of entering a password.
When it comes to passwordless in the Microsoft world, there are generally three types of methods:
- Biometrics – fingerprint and facial recognition. Commonly known as Windows Hello.
- Smartcards – a physical card or hardware token that is unique to a specific person.
- Push – login prompts sent to a user’s phone. Commonly used with Microsoft Authenticator.
You can sign into Microsoft Office 365 from anywhere using passwordless authentication, including your home or office.
Why Should You Switch to Passwordless Authentication?
Passwordless authentication is a more secure form of authentication because it eliminates the risk of phishing by removing usernames and passwords. This can lower the risk of cyberattacks and protect your sensitive data.
This system can also boost employee productivity by reducing the time spent managing passwords and helping with onboarding new hires. Passwordless authentication is already used by many organizations. It’s an ideal solution for employees working remotely or on the go since it eliminates the need for them to remember or type a complex password.
Passwordless authentication also reduces the risk of employees mistakenly sharing their passwords and gaining unauthorized access to sensitive data. Passwordless authentication can be used for single sign-on across all your cloud apps, including Microsoft 365. This means that employees can authenticate into any application with a single click or tap.
How to Switch to Passwordless Authentication in Microsoft 365
To switch to passwordless authentication in Microsoft 365, you first need to deploy the Microsoft Authenticator app to your company’s phones and tablets. You can either deploy the Authenticator app via Microsoft Endpoint Manager/Intune, or through a self-service registration campaign.
Once the Authenticator app is deployed to your company’s mobile devices, you can switch to passwordless authentication by accessing Azure Active Directory -> Security -> Authentication Methods -> Policies -> Microsoft Authenticator. You need to enable this option and select the group of users that can sign in using passwordless authentication (or select all users).
If you have preview features enabled, we strongly recommend enabling the following settings in the “Configure” tab:
Require number matching for push notifications – this setting requires a user to enter a two-digit pin on their phone that matches the number on their screen. This help to prevent attack tactics such as MFA fatigue.
Show application name in push and passwordless notifications – this setting provides your end users additional information about the source of the login prompt. This is extremely useful information when combined with SAML SSO.
Show geographic location in push and passwordless notifications – this setting shows a map in the notification when a push or passwordless notification is received from the user’s location. This is useful for people who live in a specific place or for those who want to see their location.
Help Deploying Microsoft Passwordless Authentication
Hartmann Industries is a Microsoft partner that has helped organizations deploy Microsoft Authenticator and Passwordless Authentication to organizations small and large. Our Managed IT Services packages include passwordless deployment and user training for as low as $100 per employee per month.
Passwordless authentication is a more secure form of authentication that eliminates the risk of phishing by removing usernames and passwords. This can lower the risk of cyberattacks and protect your sensitive data. Passwordless authentication can also boost employee productivity by reducing the time spent managing passwords and helping with onboarding new hires.