SOLVED

How to set passwordless authentication for new user in company

%3CLINGO-SUB%20id%3D%22lingo-sub-1467482%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20set%20passwordless%20authentication%20for%20new%20user%20in%20company%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1467482%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F410853%22%20target%3D%22_blank%22%3E%40julien_Gfi%3C%2FA%3E%26nbsp%3BThe%20user%20will%20have%20to%20use%20the%20password%20once.%20If%20enabled%2C%20the%20user%20than%20goes%20through%20the%20Windows%20Hello%20for%20Business%20wizard%20to%20provide%20a%20PIN.%20Since%20the%20pin%20is%20thight%20to%20the%20device%2C%20you%20cannot%20set%20up%20the%20PIN%20for%20the%20user.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20Azure%20AD%2FOffice%20passwordless%20sign-in%2C%20users%20need%20to%20register%20first%20using%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fmfasetup%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2Fmfasetup%3C%2FA%3E.%20When%20enabled%2C%20users%20can%20register%20Microsoft%20Authenticator%20and%20enable%20phone-sign%20in%20afterward%20or%20add%20FIDO2%20keys%20to%20sing-in%20wihouth%20passwords.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1488899%22%20slang%3D%22fr-FR%22%3ERe%3A%20How%20to%20set%20passwordless%20authentication%20for%20new%20user%20in%20company%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1488899%22%20slang%3D%22fr-FR%22%3E%3CP%3EThank%20you%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F470541%22%20target%3D%22_blank%22%3E%40JanBakker330%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1467379%22%20slang%3D%22fr-FR%22%3EHow%20to%20set%20passwordless%20authentication%20for%20new%20user%20in%20company%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1467379%22%20slang%3D%22fr-FR%22%3E%3CP%3EHi%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20case%20of%20new%20user%20that%20join%20the%20company.%20How%20to%20set%20a%20passwordless%20authentication%20for%20the%20firs%20time%20logon%20experience%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20scenario%20is%3A%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3EUser%20was%20created%20in%20Active%20directory%20(With%20random%20password)%3C%2FLI%3E%3CLI%3EReplicated%20in%20Azure%20AD%20with%20AD%20connect%20(Password%20Hash)%3C%2FLI%3E%3CLI%3ENew%20laptop%20with%20autopilot%20profile%20Hybrid%20Azure%20Ad%20domain%20join%20and%20Windows%20hello%20for%20business%20strategy%3C%2FLI%3E%3C%2FUL%3E%3CP%3EHow%20can%20i%20deal%20with%20zero%20password%20for%20the%20new%20user%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1467379%22%20slang%3D%22fr-FR%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Contributor

Hi, 

 

In case of new user that join the company . How to set a passwordless authentication for the firs time logon experience?

 

My scenario is: 

  • User was created in Active directory (With random password)
  • Replicated in Azure AD with AD connect (Password Hash)
  • New laptop with autopilot profile Hybride Azure Ad domain join and Windows hello for business strategy

How i can deal with zero password for the new user?

 

Thanks

2 Replies
best response confirmed by julien_Gfi (Occasional Contributor)
Solution

@julien_Gfi The user will have to use the password once. If enabled, the user than goes through the Windows Hello for Business wizard to provide a PIN. Since the pin is thight to the device, you cannot set up the PIN for the user. 

 

For Azure AD/Office passwordless sign-in, users need to register first using https://aka.ms/mfasetup. When enabled, users can register Microsoft Authenticator and enable phone-sign in afterward or add FIDO2 keys to sing-in wihouth passwords.