Forum Discussion
Solved
passwordless together with MFA
edit: was an issue using edge under linux which has now support for FIDO2 tokens. you need to use chrome, when login into azure using a linux client. Hi, we are running a CA which enforces MF...
- solved. the problem was using edge with the FIDO2 token under linux. it is not supported yet. using chrome works fine. my problem is now, that intune for linux needs edge 😕
https://docs.microsoft.com/en-us/azure/active-directory/authentication/fido2-compatibility
Sebastian_Rottmann You should have a look at the Authentication method settings in Azure AD Authentication methods - Microsoft Azure and also TAP for a seamless passwordless config Configure a Temporary Access Pass in Azure AD to register Passwordless authentication methods - Microsoft Entra | Microsoft Docs
for authentication methods there are 3 possibilities:
- Microsoft Authenticator (MFA)
- FIDO2 Security Key (passwordless)
- Temporary Access Pass (for passwordless user config)
TAP is configured. Works well. That's not the problem. My problem is our global CA "MFA for all users" which includes my passwordless-Users aswell.
We will have such users:
- only MS-Authenticator
- only FIDO2 Token
- both MS-Authenticator and FIDO2 Token
How should we design our CA-Policy?
- Microsoft Authenticator (MFA)
- FIDO2 Security Key (passwordless)
- Temporary Access Pass (for passwordless user config)
TAP is configured. Works well. That's not the problem. My problem is our global CA "MFA for all users" which includes my passwordless-Users aswell.
We will have such users:
- only MS-Authenticator
- only FIDO2 Token
- both MS-Authenticator and FIDO2 Token
How should we design our CA-Policy?