News

'One-Time Passcodes' for Azure AD B2B Hits Preview

A new feature in Microsoft's Azure Active Directory Business to Business (B2B) service enables organizations to grant outside partners access to their internal network resources.

Announced as a preview on Monday, the "one-time passcodes" feature works like this: An invitee gets an invitation containing a "Send Code" link from an organization. After the invitee clicks on that link, he or she will get a second e-mail containing a code for gaining network access, which can be used for up to 30 minutes, according to Microsoft's documentation.

Once the invitee gets authenticated, the session allowing guest access is only available to the invitee within a one-day timeframe. It's a security precaution built into the one-time passcodes feature, according to the announcement:

Each authentication session only lasts 24 hours, after which guests have to re-authenticate with a new email OTP. This means your guests have to prove they still have access to their work email inboxes and have not left the partner company every 24 hours.

Organizations can optionally add multifactor authentication requirements onto the one-time passcodes scheme, if wanted. Multifactor authentication is another scheme for verifying user identities, which typically happens via responses to a cell phone call or messaging service.

Microsoft's announcement depicted the one-time passcodes preview as permitting network resource sharing with "anyone in the world with an email account." There's one technical restriction to the scheme. Organizations must send a link that includes the organization's "tenant context" (or tenant ID) within the link, Microsoft's documentation explained.

One-time passcodes are deemed handy when Azure AD B2B invitees lack other authentication options -- such as an Azure AD account, a Microsoft account or a Google account -- to gain guest network access privileges. Microsoft has been gradually expanding the identity provider options that can be used with this service.

According to Microsoft's documentation, "when the guest user signs in, one-time passcode authentication will be the fallback method if no other authentication methods can be used."

While the one-time passcode feature is currently at the preview stage, Microsoft is planning to turn it on later for all organizations using this service.

"After preview, this feature will be turned on by default for all tenants," Microsoft's documentation bluntly stated, although no timeline was described.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Touting Azure for Operators, Microsoft Joins SDN Standards Group

    As part of its Azure for Operators program, Microsoft this week joined a nonprofit standards association that focuses on SDN technologies used by enterprises and service providers.

  • 2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss. (Now updated with COVID-19-related event changes.)

  • Pilot Begins of Microsoft Teams-Salesforce CRM Integration

    A new capability that lets Microsoft Teams users access information from the Salesforce.com customer relationship management (CRM) platform debuted this week.

  • The 2020 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.