News

Microsoft Enables Windows 11 Passwordless Option

Organizations with Entra ID-joined Windows 11 devices can now switch them over to passwordless authentications using a new policy option, Microsoft suggested this week.

Organizations can use Microsoft Intune or another mobile device management solution to set the policy, which was eanbled via a "September 2023 update for Windows 11, version 22H2," the announcement indicated. Here's Microsoft's statement to that effect:

Commercial organizations can now set the EnablePasswordlessExperience MDM policy from Intune or another MDM to enable a fully passwordless user experience on Microsoft Entra ID joined [Windows 11] machines.

By passwordless, Microsoft means that users so switched won't see a password prompt at all after the policy has been applied. The password prompt will be absent when signing into a device's lock screen. It also won't be there for "in-session auth scenarios like password managers in a web browser, 'Run as' admin scenarios, and User Account Control (UAC)," the announcement explained. Also, the Windows 11 Settings app won't show the "Change password" option after the passwordless policy has been applied, Microsoft indicated, in this document.

After the passwordless policy is applied, users will see initial authentication options as "security key, pin, Windows Hello, and fingerprint." Organizations can use phishing-resistant approaches, such as FIDO2 keys or Windows Hello for Business, which is Microsoft's biometric (face scan) authentication scheme.

Organizations going passwordless have options should a user fail to authenticate. "If the user fails to sign in, recovery mechanisms such as PIN reset or Web sign-in can be used to help the user recover their credentials without IT helpdesk engagement," the announcement indicated.

Microsoft's Sept. 2023 update to Windows 11 version 22H2 also ushered in the ability for Entra ID-joined devices to use a "Web sign-in" feature, as explained in this document. It permits users to "sign in with the Microsoft Authenticator app or with a SAML-P federated identity."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Microsoft Starts Countdown to Dynamics GP End-of-Support

    Dynamics GP, Microsoft's venerable enterprise resource planning (ERP) solution for midsized businesses, is set to lose support in four years.

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • Windows Recall Preview Starts Rolling Out with Windows 11 24H2

    Microsoft on Tuesday began rolling out Windows 11 version 24H2, describing the update as a "full OS swap that contains new foundational elements required to deliver transformational Al experiences and exceptional performance."

  • An image of planes flying around a globe

    2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.