MicrosoftWe are on our way to passwordless and at a customer just hit a real inconvenient bump in the road in the form of Microsoft restricting web sign in to only TAP. We are just ready to roll out web sign in as an alternative to FIDO2 since it allows for passwordless sign in using Microsoft Authenticator passwordless only to find out this feature recently got removed! What is the thinking behind this? For shared computers and 700 users using them we are now left with only one option, $40 FIDO2 keys instead of being able to offer phone sign in to Windows. this is a show stopper for us and we now have to get back to the drawing board if we cant figure out a more cost effective way to passwordless. this is NOT a step in the right direction. Why just not support both? And also we have to set up a user with a password still. the relatively easy passwords created by the Admin portal is far from as secure as TAP. Why can't we just create users with a TAP instead of a password? is this on the roadmap for business since passwords now are history for consumers?
