Passwordless sign-in for selected users

%3CLINGO-SUB%20id%3D%22lingo-sub-2023812%22%20slang%3D%22en-US%22%3EPasswordless%20sign-in%20for%20selected%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2023812%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20everyone%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELooking%20for%20a%20bit%20of%20confirmation.%20I%20would%20like%20to%20pilot%20Authenticator-based%20passwordless%20sign-in%20with%20my%20tenant%2C%20starting%20with%202-3%20test%20users.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EReading%20this%20doc%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-phone%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EPasswordless%20sign-in%20with%20the%20Microsoft%20Authenticator%20app%20-%20Azure%20Active%20Directory%20%7C%20Microsoft%20Docs%3C%2FA%3E%26nbsp%3Bstates%20the%20following%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3E%3CEM%3E%22If%20you%20enabled%20Microsoft%20Authenticator%20passwordless%20sign-in%20preview%20using%20Azure%20AD%20PowerShell%2C%20it%20was%20enabled%20for%20your%20entire%20directory.%20If%20you%20enable%20using%20this%20new%20method%2C%20it%20supercedes%20the%20PowerShell%20policy.%20We%20recommend%20you%20enable%20for%20all%20users%20in%20your%20tenant%20via%20the%20new%26nbsp%3BAuthentication%20Methods%26nbsp%3Bmenu%2C%20otherwise%20users%20not%20in%20the%20new%20policy%20are%20no%20longer%20be%20able%20to%20sign%20in%20without%20a%20password.%22%3C%2FEM%3E%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20never%20enabled%20passwordless%20sign-in%20previously.%20I%20want%20to%20confirm%20that%20I%20can%20enable%20it%20with%20this%20%22new%22%20method%20for%202-3%20users%20only%2C%20without%20impacting%20the%20rest%20of%20the%20users%20in%20the%20tenant%20(meaning%20they%20can%20still%20sign%20in%20with%20their%20passwords%20and%20there%20are%20no%20changes%20to%20their%20authentication).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20pretty%20sure%20this%20is%20the%20case%2C%20but%20am%20hoping%20someone%20can%20chime%20in%20to%20confirm!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2023812%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Epasswordless%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
New Contributor

Hello everyone,

 

Looking for a bit of confirmation. I would like to pilot Authenticator-based passwordless sign-in with my tenant, starting with 2-3 test users.

 

Reading this doc: Passwordless sign-in with the Microsoft Authenticator app - Azure Active Directory | Microsoft Docs states the following:

 

"If you enabled Microsoft Authenticator passwordless sign-in preview using Azure AD PowerShell, it was enabled for your entire directory. If you enable using this new method, it supercedes the PowerShell policy. We recommend you enable for all users in your tenant via the new Authentication Methods menu, otherwise users not in the new policy are no longer be able to sign in without a password."

 

I have never enabled passwordless sign-in previously. I want to confirm that I can enable it with this "new" method for 2-3 users only, without impacting the rest of the users in the tenant (meaning they can still sign in with their passwords and there are no changes to their authentication).

 

I am pretty sure this is the case, but am hoping someone can chime in to confirm!

2 Replies
Hi, sounds to me like you’re good to go. As the article says you can select a few.

”Target - All users or Select users”

@zsaltzman Your good here. 

Even when you enable passwordless sign-in, the user can still use their passwords. The note in the documentation only states that the new policy will overrule the PowerShell policy. It does not say that users included in the policy cannot use their password anymore (had to read it twice also :smile:)

 

The enabled users are allowed to activate passwordless sign-on via the Authenticator app(device needs to be registered) Users that are not enabled cannot do that.