


Office 365 - Protecting user accounts with FIDO2 keys without MFA

FIDO2 based Passwordless technology allows users to use a USB key to sign in to Azure AD without using passwords. Once enabled, the users will be able to sign in to their accounts and log onto their Windows 10 machines (Azure AD or Hybrid AD joined) using FIDO2 security keys. The access is still protected by two factors in this case: 1) having physical access to the security key and 2) a PIN or fingerprint (on devices with biometrics support) configured on the FIDO2 security key.

FIDO2 keys as a security method have been available with Microsoft Azure AD for a couple of years now. Although FIDO2 security keys are the most secure access method available for Office 365 user access, enrolling them required MFA to be configured for the users, which made them useless for use cases where users do not have (or do not want to use) multiple devices to log in. This has finally changed!

During the MS Ignite 2021 conference (which was held virtually this year as well), in addition to the GA of Passwordless, Microsoft also announced a new feature, Temporary Access Pass in Azure AD (Preview), which will allow your end users to use only a FIDO2 security key to access their account (this eliminates the requirement of having MFA configured prior to that, which was the case before).

This guide will describe how the administrator can set a Temporary Access Pass for a user, and how that user can subsequently enroll his/her FIDO2 security key.

As this is a preview feature, it has to be enabled first. Global administrator and Authentication Method Policy administrator role holders can update the TAP authentication method policy.

To configure the TAP authentication method policy:

Sign in to the Azure portal as a Global admin and click Azure Active Directory > Security > Authentication methods > Temporary Access Pass.
