It is time to break up your relationship with passwords. Passwords have been good to us in the past, but in today’s digital workplace they have become a relatively easy attack vector for hackers. Hackers love passwords, and it’s not difficult to see why when you consider that the most commonly rejected passwords in Azure Active Directory (Azure AD) include terms like the year, the month, the season, or a local sports team. Furthermore, research has shown that traditional recommendations for password management, such as length requirements, complexity requirements, and change frequencies, are counterproductive for a variety of reasons related to human nature.
Short demo
First, enable Multi-Factor Authentication
Plenty of blogs and articles already describe how to enable MFA in your organisation. How to set up MFA in short: https://aka.ms/mfasetup
Users can register their devices (this is allowed by default).
Tap your account, tap Sign-in by phone.
Register the device you would like to use for passwordless sign-in.
For more information about device registration, see https://docs.microsoft.com/en-us/azure/active-directory/devices/overview#getting-devices-under-the-control-of-azure-ad and, for the Authenticator app, https://aka.ms/authappstart
The only step you need to enable passwordless phone sign-in:
Create an AzureADPolicy as a global or security admin in your tenant.
New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}' -IsOrganizationDefault $true -DisplayName AuthenticatorAppSignIn
Don’t forget to install the preview module with “Install-Module AzureADPreview”, but first uninstall your current module with “Uninstall-Module AzureAD”.
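
The steps above as one re-runnable script. This is an added example, not the author's own code. It assumes an interactive admin sign-in and checks for an existing policy of this type before creating one, so a second run does not add a duplicate tenant-wide policy.

```powershell
# Added example: module swap, sign-in, and policy creation in one pass.
# Run as a global or security admin, as the post requires.

$policyType  = 'AuthenticatorAppSignInPolicy'
$definition  = '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}'
$displayName = 'AuthenticatorAppSignIn'

# AzureAD and AzureADPreview export the same cmdlet names, so remove the
# first before installing the second (the order given in the post).
if (Get-InstalledModule -Name AzureAD -ErrorAction SilentlyContinue) {
    Uninstall-Module -Name AzureAD -AllVersions
}
if (-not (Get-InstalledModule -Name AzureADPreview -ErrorAction SilentlyContinue)) {
    Install-Module -Name AzureADPreview -Scope CurrentUser
}
Import-Module AzureADPreview

# Interactive sign-in; the account needs rights to create tenant policies.
Connect-AzureAD | Out-Null

# Look for a policy of this type that is already present in the tenant.
$existing = @(Get-AzureADPolicy | Where-Object { $_.Type -eq $policyType })

if ($existing.Count -gt 0) {
    # Report what is already configured instead of adding a duplicate.
    foreach ($policy in $existing) {
        $settings = ($policy.Definition | Select-Object -First 1) | ConvertFrom-Json
        [pscustomobject]@{
            Id                    = $policy.Id
            DisplayName           = $policy.DisplayName
            IsOrganizationDefault = $policy.IsOrganizationDefault
            Enabled               = $settings.AuthenticatorAppSignInPolicy.Enabled
        }
    }
}
else {
    # Same command as in the post, with plain ASCII quotes so the JSON parses.
    New-AzureADPolicy -Type $policyType `
                      -Definition $definition `
                      -IsOrganizationDefault $true `
                      -DisplayName $displayName
}
```

The reporting branch also works as a quick audit of whether the tenant-wide setting is present and enabled.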