You don’t always need a password to sign in. Azure supports three types of passwordless authentication that work with Microsoft Entra ID.
1. Windows Hello for Business
This works on Windows 10 version 1809 or newer.
Instead of a password, users log in with a face scan, fingerprint, or PIN.
The PIN is stored more securely than in standard Windows Hello.
It can be protected by a Trusted Platform Module (TPM) chip.
The private key never leaves the device, so it cannot be stolen during transmission.
This is a good option for people who use Windows devices and want extra protection.
2. FIDO2 Security Keys
FIDO2 stands for Fast Identity Online.
It uses a physical device like a USB stick.
Some keys may also use Bluetooth or NFC (near-field communication).
This method works on Windows 10 version 1903 or later.
It is especially useful in secure settings.
For example, for shared computers, kiosks, or sensitive admin work.
3. Microsoft Authenticator App
This works on Android and iOS devices.
When you sign in, your device shows a number.
You then tap the matching number and confirm with a fingerprint, face scan, or PIN.
This is great for using non-Windows devices securely.
Additional Notes
You can also receive text messages or emails for verification.
However, these methods are less secure and not considered true passwordless sign-in.
For more information, get started with our AZ-900 video course at https://idodata.com/az-900-microsoft-azure-fundamentals/, or go back to our AZ-900 List of requirements.
Please click here to find out more about Microsoft’s AZ-900 exam.
