Passwords have traditionally served as the first (and sometimes only) defense against unauthorized access, yet they remain one of the most vulnerable points in cybersecurity. Users frequently reuse or select easily guessed passwords, making organizations more susceptible to breaches. Fortunately, Microsoft Entra (formerly Azure AD) helps address these challenges with a passwordless sign-in solution that significantly boosts security while streamlining user logins.

By using the Microsoft Authenticator app for phone sign-in, you offer users the convenience of tapping a confirmation on their devices rather than juggling complex passwords. In this post, we’ll walk you through the steps to enable passwordless sign-in, then explore how Plexhosted can enhance your overall security and compliance posture.

Why Go Passwordless?

• Reduce Security Risks: Passwords can be easily leaked, guessed, or stolen in phishing attacks. Eliminating them minimizes these common vulnerabilities.

• Simplify the User Experience: Instead of memorizing (and constantly resetting) long passwords, users simply tap “approve” in the Authenticator app. Less hassle, fewer helpdesk calls.

• Boost User Adoption and Satisfaction: When security measures are convenient, employees are more likely to embrace them. This leads to smoother operations and a stronger security culture.

Enabling Passwordless Sign-in with the Microsoft Authenticator App

Below is a step-by-step guide to help you enable Passwordless Sign-in with the Microsoft Authenticator App.

Step 1: Set Up Authentication Methods Policy

1. Sign into the Entra (Azure AD) portal with your administrator account.

2. Navigate to Protection → Authentication methods.

3. Select Policies and ensure Microsoft Authenticator is enabled for your organization.

   • If needed, toggle it to Enabled and specify the groups or users allowed to use passwordless sign-in.

   • By default, groups are set to use Any mode, meaning members can sign in with a push notification or phone sign-in.

Step 2: Configure Microsoft Authenticator for Users

1. Ask users to register the passwordless authentication method in Entra ID.

   • If they’ve already registered Microsoft Authenticator for MFA, they can skip to enabling phone sign-in.

2. If a user hasn’t registered the Authenticator app for MFA yet, they should:

   • Go to Security info → Add method → Authenticator app → Add.

   • Follow the on-screen instructions to install and configure the Microsoft Authenticator app on their device.

   • Select Done to complete the app configuration.

Step 3: Enable Phone Sign-in in Microsoft Authenticator

1. Open the Microsoft Authenticator app on your phone

2. Tap your work or school account

3. Select 'Set up passwordless sign-in requests' and follow prompts to register the device

Registration can take some time, so you need to wait for it to complete.

Step 4: Test the Passwordless Flow

The first time you start the phone sign-in process, you need to perform the following steps:

1. Open New Incognito/InPrivate window in your browser, go to https://www.office.com/ and select Sign in.

2. Enter your username at the sign-in page. Select Next.

3. Then, on password page you should choose 'Use an app instead link'.

4. Now, you are presented with a number.

5. The Authenticator app prompts you to enter the number shown to sign in. After you have typed the number tap Yes.

6. After you successfully sign in once with phone sign-in, the app offers this method by default (but you can always choose Use your password instead if needed).

Key Benefits for Your Organization

• No more forgetting or resetting complex passwords. This reduces IT support tickets and saves time.

• Passwordless sign-in helps mitigate phishing attacks and data breaches tied to compromised credentials.

• A simplified sign-in workflow means fewer interruptions, allowing your teams to remain focused and efficient.

Conclusion

Transitioning to passwordless sign-in with Microsoft Entra (Azure AD) is a powerful step toward a more secure, agile, and user-friendly environment. By leveraging the Microsoft Authenticator app, your organization can say goodbye to common password pitfalls and focus on driving growth instead of worrying about compromised credentials.

If you have any questions about setting up Microsoft Entra passwordless sign-in—or if you’d like expert assistance—don’t hesitate to reach out. Plexhosted is ready to support your journey every step of the way, from implementation to ongoing management, ensuring your security and compliance remain at the highest possible standards.