Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
The Twelve Days of Blog-mas: No.2 - Windows Web Sign in and Passwordless
Published Nov 29 2023 04:00 AM 4,103 Views

Hi folks - welcome to the second post in the holiday '23 series.

 

Today's post is about a capability that came to preview long ago but recently surprised much of the world and moved to General Availability (GA).

 

This allows you to sign-in to an Entra Joined Windows PC (not Hybrid) itself via the familiar web sign in form/pop-up dialog box:

MichaelHildebrand_0-1701033071685.png

 

With this sign-in method, you certainly can use your password but passwords are so ‘yesterday’ …  Let’s go passwordless and use MS Authenticator + Phone sign in - which can be a form of ‘multi-factor’ sign in.

MichaelHildebrand_5-1701346773728.png

 

  • IMPORTANT: This sign in method is called ‘web sign in’ – if there is no ‘web,’ then there is no sign in (i.e. offline sign ins won’t work; there will be no cached credential locally for this sign in method).

Here are the high-level steps and a little animation of the experience on Windows 11 + MS Authenticator on iOS. 

  • From Intune:
    1. Deploy the setting to Windows via a Configuration Profile (this activates the web sign in credential provider in Windows and adds the little globe to the sign in options list you'll see below)

MichaelHildebrand_1-1701344945688.png

  • From the PC:
    1. Select the ‘Sign in options’ link and select the little globe
    2. Select the ‘Sign in’ button
    3. The next steps are a bit variable
      1. After the user has enabled Phone sign in for the MS Authenticator app, the first time she wants to use it, when the web form pops up, select 'Other ways to sign in' and then 'Approve a request on my Authenticator app'

MichaelHildebrand_1-1701346216715.png

MichaelHildebrand_3-1701346392648.png

 

After the first time, she'll only need to select ‘Send notification’ from the web pop-up to get the code sent to the phone:

MichaelHildebrand_4-1701346604435.png

 

  • From the phone (again, after you've enabled 'Phone Sign in' from within the settings of the MS Authenticator app)
    1. You’ll be prompted to complete the MFA and passwordless sign-in via MS Authenticator (in my case, enter the number match + Touch ID)
    2. You’ll arrive on the desktop, signed in…

phone - web sign in - short.gif

 

For more information:

A series recap (so far):

  1. The Twelve Days of Blog-mas: No.1 - A Creative Use for Intune Remediations - Microsoft Community Hub

Cheers - See you tomorrow!

 

Hilde

11 Comments
Version history
Last update:
‎Dec 15 2023 09:29 AM
Updated by: