According to an announcement by Microsoft, organizations that use Entra ID-joined Windows 11 devices can now opt for passwordless authentications via a new policy. This development was made possible via the September 2023 update for Windows 11, version 22H2. With this update in operation, Entra ID-joined devices can shift to a passwordless method, once enabled by an administrative policy shift.
Password-Less User Experience
Microsoft affirms that commercial organizations are now able to initiate the EnablePasswordlessExperience MDM policy from Microsoft Intune or another Mobile Device Management (MDM) solution to ensure a completely passwordless user experience on Microsoft Entra ID-joined Windows 11 machines. With the passwordless feature in place, no password prompt will be visible post the application of this policy. The absence of a password prompt will be observed during signing into a device's lock screen and during in-session authentication scenarios like password managers in a web browser, ‘Run as admin' situations and User Account Control (UAC).
Enhanced Authentication Options
Following the implementation of the passwordless policy, users will be presented with initial authentication options such as a security key, pin, Windows Hello, and fingerprint. Organizations are permitted to employ phishing-resistant methods, for instance, FIDO2 keys or Windows Hello for Business, which is Microsoft's biometric face scan authentication system. In case a user fails in authentication, options like PIN reset or Web sign-in can be utilized to help recover their credentials without the need of IT helpdesk engagement.
This update also allows Entra ID-joined devices to take advantage of a “Web sign-in” feature. This permits users to authenticate via the Microsoft Authenticator app or with a SAML-P federated identity. Following the completion of this update, Microsoft will offer the passwordless option to commercial users of Entra ID-joined Windows 11 alongside regular Microsoft account users, who gained access to this feature in 2021.