News

'One-Time Passcodes' for Azure AD B2B Hits Preview

A new feature in Microsoft's Azure Active Directory Business to Business (B2B) service enables organizations to grant outside partners access to their internal network resources.

Announced as a preview on Monday, the "one-time passcodes" feature works like this: An invitee gets an invitation containing a "Send Code" link from an organization. After the invitee clicks on that link, he or she will get a second e-mail containing a code for gaining network access, which can be used for up to 30 minutes, according to Microsoft's documentation.

Once the invitee gets authenticated, the session allowing guest access is only available to the invitee within a one-day timeframe. It's a security precaution built into the one-time passcodes feature, according to the announcement:

Each authentication session only lasts 24 hours, after which guests have to re-authenticate with a new email OTP. This means your guests have to prove they still have access to their work email inboxes and have not left the partner company every 24 hours.

Organizations can optionally add multifactor authentication requirements onto the one-time passcodes scheme, if wanted. Multifactor authentication is another scheme for verifying user identities, which typically happens via responses to a cell phone call or messaging service.

Microsoft's announcement depicted the one-time passcodes preview as permitting network resource sharing with "anyone in the world with an email account." There's one technical restriction to the scheme. Organizations must send a link that includes the organization's "tenant context" (or tenant ID) within the link, Microsoft's documentation explained.

One-time passcodes are deemed handy when Azure AD B2B invitees lack other authentication options -- such as an Azure AD account, a Microsoft account or a Google account -- to gain guest network access privileges. Microsoft has been gradually expanding the identity provider options that can be used with this service.

According to Microsoft's documentation, "when the guest user signs in, one-time passcode authentication will be the fallback method if no other authentication methods can be used."

While the one-time passcode feature is currently at the preview stage, Microsoft is planning to turn it on later for all organizations using this service.

"After preview, this feature will be turned on by default for all tenants," Microsoft's documentation bluntly stated, although no timeline was described.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

Featured

  • The 2019 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generation of HoloLens, here's what's on tap from Microsoft this year.

  • Microsoft, Salesforce Ink Deal Around Azure Cloud and Teams

    As part of a new partnership, CRM service provider Salesforce will leverage certain Microsoft Azure services, as well as Microsoft Teams, for services to customers.

  • 2019 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss this year.

  • Version 1909 of Windows 10 and Windows Server Released

    Windows 10 version 1909, also known as the "Windows 10 November 2019 Update," was officially released by Microsoft on Tuesday.

RCP Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.