Forum Discussion
Authenticator App - passwordless - when prompted?
Hi,
i'm asking myself when the MS Authenticator App should ask for a passwordless sign-in (presenting of the three numbers)?
I've enabled the passwordless signin for my tenant account. This is working, when signin from a foreign device when e.g. in home office.
When i'm inside my company and loging in from an incognito session inside my browser i'm still asked for my password.
Could this be a an error when using azure conditional access inside our company?
Thanks in advance.
Patrick 🙂
imorton777 one possible solution could be this hint:
The passwordless authentication promt (three digit choice) only appears automatically, if your last sign-in was used by this method. If you're being prompted to use your password try to click on "other ways to sign-in", then choose app request.
After you've successfully signed in, try to log out or open up a new incognito session and sign in again.
Then you should be faced with the passwordless method. 🙂
This was a pain in the **bleep** for me until i got this understanding.
- My passwordless experience has been random. It used to work then it pretty much stopped. My personal Microsoft account usually works but from my azure joined Windows hello machine I still get password prompts and code instead of the three options. If the 3 options did come up in the past I usually had to click this annoying send notification button to get to the login screen.
Not sure if I need to setup again but I’m having similar pains. I kind of gave up on it for now. Been busy.- PatrickF11Steel Contributor
ChrisWebbTech Thank you for sharing your experiences. I've already set up passwordless again, but no improvement. A few months ago everyhting was working really good. Too bad.
VasilMichev Thank you, too. I hope so. (The'll have to polish things up.)
Passwordless is basically using a different auth flow, thus the "known issues" with AD FS and PTA. And the apps themselves need to be coded to recognize that flow, so experience will vary. It's a new feature still, they will polish it eventually.
- KrisDebSteel ContributorI have a very similar experience. Sometimes it needs 3 numbers sometimes it's only one, sometimes it needs my email and password, sometimes password only, sometimes it's a notification. It's very inconsistent, like many things in Microsoft. I have 4 different admin centres for one office 365:
https://admin.microsoft.com/AdminPortal/Home#/homepage
https://security.microsoft.com/homepage
https://compliance.microsoft.com/homepage
https://protection.office.com
Does it make sense? Of course not.- PatrickF11Steel Contributor
The Security & Compliance Admin UI is going to be split up into two. (1x Security / 1x Compliance).
I think the 2-in-1 will be go away.
But, of course, you're totally right. 😄
- Ricardo MendesBrass Contributor
PatrickF11 did you manage to solve this? I am doing a pilot with two users and having different experiences.
One is a existing user with their mobile phone already enrolled to intune and that is setup for combined registration and as the authentication app. When he log´s in it ask´s for the password and then the notification with 3 number to choose from.
The other is a new user, that enrolled the device to intune, installed the authentication app, the MFA as activated (not the combined experience). When this user connects it immediately gets a notification in the app to authenticate by select one number.
- PatrickF11Steel Contributor
Ricardo Mendes unfortunatelly not.
A few month everything was working as expecrted, then there were a few month where my account didn't do passwordless at all. Nowadays it is working.... how should is say... "sometimes"...
- PatrickF11Steel ContributorBy the way: atfer i use PIM in the morning the next login gets prompted with passwordless (3 numbers). The first login before i executed PIM is asking for my password.... Strange.
- Thijs LecomteBronze ContributorI have the same experience.
Passwordless is still in preview so things might change overtime. We'll just have to wait and live with the limitations currently
- imorton777Copper ContributorI'm still in this same boat as this original issue. It randomly allows me to select one of the three numbers or lets me click approve or only gives me the option of entering a password or sometimes I can enter a password or choose to use an app.
- PatrickF11Steel Contributor
imorton777 one possible solution could be this hint:
The passwordless authentication promt (three digit choice) only appears automatically, if your last sign-in was used by this method. If you're being prompted to use your password try to click on "other ways to sign-in", then choose app request.
After you've successfully signed in, try to log out or open up a new incognito session and sign in again.
Then you should be faced with the passwordless method. 🙂
This was a pain in the **bleep** for me until i got this understanding.
- TerryGCopper Contributorthank you so much!! This is exactly the answer I was looking for. I've been fighting this issue for DAYS! If I ever meet you, I owe you lunch!
- esotch125Copper ContributorI ran into a similar issue and found that we had to have users manually enable a feature from the Microsoft Authenticator app. It's called "Enable phone sign-in". After this, they were able to successfully use passwordless authentication. This was disapointing because there is no way to automatically set this up for users, as such making passwordless the primary method would be nearly impossible to maintain.
- PatrickF11Steel ContributorI got this point, and im not satisfied with this, too.
You could give conditional access a try: Grant control > authentication strenght > passwordless.
Therefore you could force users to login passwordless. (I know, this is not the best choice :-/)