News

Microsoft Enables Windows 11 Passwordless Option

Organizations with Entra ID-joined Windows 11 devices can now switch them over to passwordless authentications using a new policy option, Microsoft suggested this week.

Organizations can use Microsoft Intune or another mobile device management solution to set the policy, which was eanbled via a "September 2023 update for Windows 11, version 22H2," the announcement indicated. Here's Microsoft's statement to that effect:

Commercial organizations can now set the EnablePasswordlessExperience MDM policy from Intune or another MDM to enable a fully passwordless user experience on Microsoft Entra ID joined [Windows 11] machines.

By passwordless, Microsoft means that users so switched won't see a password prompt at all after the policy has been applied. The password prompt will be absent when signing into a device's lock screen. It also won't be there for "in-session auth scenarios like password managers in a web browser, 'Run as' admin scenarios, and User Account Control (UAC)," the announcement explained. Also, the Windows 11 Settings app won't show the "Change password" option after the passwordless policy has been applied, Microsoft indicated, in this document.

After the passwordless policy is applied, users will see initial authentication options as "security key, pin, Windows Hello, and fingerprint." Organizations can use phishing-resistant approaches, such as FIDO2 keys or Windows Hello for Business, which is Microsoft's biometric (face scan) authentication scheme.

Organizations going passwordless have options should a user fail to authenticate. "If the user fails to sign in, recovery mechanisms such as PIN reset or Web sign-in can be used to help the user recover their credentials without IT helpdesk engagement," the announcement indicated.

Microsoft's Sept. 2023 update to Windows 11 version 22H2 also ushered in the ability for Entra ID-joined devices to use a "Web sign-in" feature, as explained in this document. It permits users to "sign in with the Microsoft Authenticator app or with a SAML-P federated identity."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.