Work and live with IT

Journey To Passwordless: PowerShell administration without a password

By now, the admin can sign in to a Windows 10 computer without a password and, as long as a supported browser is used, to the web portals. Even a 100% passwordless Intune deployment has been possible with a few tricks. But how does this setup perform in everyday life? And by everyday life, in this case I don’t mean using the countless portals

Journey To Passwordless: Windows 10 Device Onboarding and Windows Hello for Business

The administrator account we use for passwordless sign-in has now performed its initial sign-in and registered a FIDO2 security key for permanent log-in. This initial sign-in had to be performed on an already set up device due to restrictions during Windows 10 enrollment. Unfortunately, the use of the Temporary Access Pass is not possible during the initial setup of Windows using the out-of-box experience or Autopilot.

Journey To Passwordless: FIDO2

Blog series: Passwordless: But why?; Enable passwordless; Temporary Access Pass; FIDO2 Security keys; Windows 10 device onboarding and Windows Hello for Business; PowerShell administration without a password; Microsoft Authenticator app; Restrict FIDO2 key usage & conclusion.

Recap: Last week I explained the initial setup of an admin account using Temporary Access Pass. Today I want to introduce FIDO2, a sign-in method intended for regular sign-ins.

Full disclosure: The FEITIAN FIDO2 Security Keys used in this article were provided to me free of charge by FEITIAN Technologies.

Journey To Passwordless: Temporary Access Pass

Recap: In the first two blogs of the series, I highlighted the concept and benefits of Passwordless and took the necessary configuration steps in the Entra ID (Azure AD) Tenant. Now we turn to the first piece of the puzzle towards a true passwordless sign-in.

Journey To Passwordless: Enable passwordless

Enable passwordless: Before things can get started and the first admin is able to work without a password, a few functions have to be enabled in Entra ID (Azure AD). Optionally, sign-ins in the browser are additionally secured by a conditional access policy.

Journey To Passwordless: But why?

Preface: There is currently a lot of talk and writing about passwordless authentication in the Microsoft community. But what does it mean in everyday life to use your own account without a password? Which requirements have to be fulfilled and which restrictions come along with it? In this blog series, I will provide you with an overview of the current state of the existing technologies and explore them step by step.