Forum Discussion
Intune - Phishing-Resistant MFA
- Dec 30, 2024
The keyword for this is Temporary Access Pass. You create the policy under:
Entra ID → Protection → Authentication Methods → Temporary Access Pass.
For a new user, go to:
Entra ID → Users → All Users, select the "new" user, and click on Authentication Methods + Add Authentication Method, then choose Temporary Access Pass. Share this pass with the user.
Using a Temporary Access Pass
Typically, a user registers authentication methods during their first sign-in. The Temporary Access Pass is perfect for setting up or updating multifactor, passwordless, or phishing-resistant authentication without requiring additional security prompts.
Registering Authentication Methods
Authentication methods can be registered at https://aka.ms/mysecurityinfo. Users can also update existing authentication methods here.
After a successful sign-in, the user can now register or update passwordless authentication methods, such as FIDO2 security keys or the Microsoft Authenticator app.
https://techcommunity.microsoft.com/blog/identity/secure-authentication-method-provisioning-with-temporary-access-pass/3290631
- aguenthart, Jan 01, 2025, Copper Contributor
Thanks, that worked. I read the documentation on it and saw there isn't really a way to do it from the phone app, so make sure the user logs in from a computer the first time and scans the QR code with the Authenticator app to set up the passkey using TAP, rather than a first-time login from the app itself. Make sure the TAP isn't one-time only.
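The portal steps in the answer above, together with the multi-use setting mentioned in the reply, can also be scripted with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original posts; the UPN and the 60-minute lifetime are constructed placeholder values, and the signed-in admin is assumed to hold a role that can manage authentication methods.

```powershell
# Added example: issue a multi-use Temporary Access Pass (TAP) for a new user.
# Requires the Microsoft.Graph module.
Connect-MgGraph -Scopes 'UserAuthenticationMethod.ReadWrite.All', 'Policy.Read.All'

$upn = 'newuser@contoso.example'   # constructed placeholder, replace with the real user

# 1. Confirm the TAP method is enabled in the authentication methods policy
#    (Entra ID -> Protection -> Authentication Methods -> Temporary Access Pass).
$policy = Get-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration `
    -AuthenticationMethodConfigurationId 'TemporaryAccessPass'
if ($policy.State -ne 'enabled') {
    throw 'Temporary Access Pass is not enabled in the authentication methods policy.'
}

# 2. If the policy forces one-time use, a multi-use TAP cannot be created.
if ($policy.AdditionalProperties['isUsableOnce'] -eq $true) {
    throw 'Policy requires one-time TAPs; change the policy before issuing a multi-use pass.'
}

# 3. Create the pass. isUsableOnce = $false lets the user sign in on a computer
#    and then complete Authenticator/passkey registration with the same TAP.
$body = @{
    isUsableOnce      = $false
    lifetimeInMinutes = 60        # assumed value; must fall inside the policy's min/max
}
$tap = New-MgUserAuthenticationTemporaryAccessPassMethod -UserId $upn -BodyParameter $body

# 4. The pass value is only returned at creation time. Hand it to the user over a
#    trusted channel and keep it out of tickets, transcripts and logs.
[pscustomobject]@{
    User          = $upn
    Pass          = $tap.TemporaryAccessPass
    UsableOnce    = $tap.IsUsableOnce
    LifetimeMins  = $tap.LifetimeInMinutes
    StartDateTime = $tap.StartDateTime
}

# 5. After the user has registered a FIDO2 key or Authenticator at
#    https://aka.ms/mysecurityinfo, list the registered methods to verify
#    and remove any TAP that is still active.
Get-MgUserAuthenticationMethod -UserId $upn |
    ForEach-Object { $_.AdditionalProperties['@odata.type'] }
```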