Core Infrastructure and Security Blog
The Twelve Days of Blog-mas: No.2 - Windows Web Sign in and Passwordless

MichaelHildebrand
Nov 29, 2023

Hi folks - welcome to the second post in the holiday '23 series.

 

Today's post is about a capability that came to preview long ago but recently surprised much of the world and moved to General Availability (GA).

 

This capability, web sign in, lets you sign in to an Entra joined Windows PC (not Hybrid) itself via the familiar web sign in form/pop-up dialog box:

 

With this sign-in method, you certainly can use your password but passwords are so ‘yesterday’ …  Let’s go passwordless and use MS Authenticator + Phone sign in - which can be a form of ‘multi-factor’ sign in.

 

  • IMPORTANT: This sign in method is called ‘web sign in’ – if there is no ‘web,’ then there is no sign in (i.e. offline sign ins won’t work; there will be no cached credential locally for this sign in method).

Here are the high-level steps and a little animation of the experience on Windows 11 + MS Authenticator on iOS. 

  • From Intune:
    1. Deploy the setting to Windows via a Configuration Profile (this activates the web sign in credential provider in Windows and adds the little globe to the sign in options list you'll see below)

  • From the PC:
    1. Select the ‘Sign in options’ link and select the little globe
    2. Select the ‘Sign in’ button
    3. The next steps are a bit variable
      1. After the user has enabled Phone sign in for the MS Authenticator app, the first time she wants to use it, when the web form pops up, select 'Other ways to sign in' and then 'Approve a request on my Authenticator app'

 

After the first time, she'll only need to select ‘Send notification’ from the web pop-up to get the code sent to the phone:

 

  • From the phone (again, after you've enabled 'Phone Sign in' from within the settings of the MS Authenticator app)
    1. You’ll be prompted to complete the MFA and passwordless sign-in via MS Authenticator (in my case, enter the number match + Touch ID)
    2. You’ll arrive on the desktop, signed in…
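
A quick way to confirm a PC meets the prerequisites described above before users try the globe icon. This is an added example, not part of the original post. It assumes the Intune profile sets the Policy CSP `Authentication/EnableWebSignIn`, that Windows mirrors that policy under the `PolicyManager` registry key shown, and that `login.microsoftonline.com` is the sign-in endpoint to test; the function name is hypothetical.

```powershell
# Added example: local readiness check for Windows web sign in.
# Run in an elevated PowerShell session on the PC being checked.

function Get-WebSignInReadiness {
    # 1. Join state: web sign in is for Entra joined (not Hybrid) devices.
    $state = @{}
    foreach ($line in (dsregcmd.exe /status)) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $entraJoinedOnly = ($state['AzureAdJoined'] -eq 'YES') -and
                       ($state['DomainJoined'] -eq 'NO')

    # 2. Policy: has the configuration profile reached this device?
    #    Assumption: MDM policy Authentication/EnableWebSignIn is mirrored here.
    $key = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Authentication'
    $policy = (Get-ItemProperty -Path $key -Name 'EnableWebSignIn' `
                   -ErrorAction SilentlyContinue).EnableWebSignIn
    $policyEnabled = ($policy -eq 1)

    # 3. Connectivity: no 'web' means no sign in, and nothing is cached locally.
    #    Assumption: login.microsoftonline.com:443 is the endpoint to test.
    $online = Test-NetConnection -ComputerName 'login.microsoftonline.com' `
                  -Port 443 -InformationLevel Quiet -WarningAction SilentlyContinue

    [pscustomobject]@{
        EntraJoinedNotHybrid = $entraJoinedOnly
        WebSignInPolicySet   = $policyEnabled
        SignInEndpointOnline = [bool]$online
        Ready                = $entraJoinedOnly -and $policyEnabled -and [bool]$online
    }
}

Get-WebSignInReadiness | Format-List
```

If `Ready` is False, the individual fields show which prerequisite is missing: a Hybrid or unjoined device, a profile that has not applied yet, or no path to the sign-in endpoint.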

 

For more information:

A series recap (so far):

  1. The Twelve Days of Blog-mas: No.1 - A Creative Use for Intune Remediations

Cheers - See you tomorrow!

 

Hilde

Updated Dec 15, 2023
Version 6.0