Now we can finally sign in passwordless from our phone to Azure Active Directory! This means that when we try to authenticate to Microsoft Azure we get this, where we just need to push the same number in the Authenticator app on our phone.
In order to set this up, we just need to add an Azure AD policy to our tenant. First we install the PowerShell cmdlets, then add the policy.
Install the Azure PowerShell Preview Cmdlet:
https://www.powershellgallery.com/packages/AzureADPreview/2.0.1.18
After you have installed the cmdlets, in PowerShell run the command Connect-AzureAD.
Run this command to add the policy (needs either Global admin or Security
New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}' -isOrganizationDefault $true -DisplayName AuthenticatorAppSignIn
You can see that it is active by running the command Get-AzureADPolicy.
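The steps above, rolled into one script as an added example (this is not the post's own script). It assumes the AzureADPreview module linked above and the Connect-AzureAD, Get-AzureADPolicy, New-AzureADPolicy and Set-AzureADPolicy cmdlets it ships; it checks for an existing policy of this type before creating one, so it can be re-run safely, and ends by listing the effective policy so the change can be verified and logged.

```powershell
# Added example: idempotent enable-and-verify of the Authenticator app sign-in policy.
# Assumes the AzureADPreview module and its Connect-AzureAD / Get-AzureADPolicy /
# New-AzureADPolicy / Set-AzureADPolicy cmdlets (not code from the original post).

$PolicyType  = 'AuthenticatorAppSignInPolicy'
$DisplayName = 'AuthenticatorAppSignIn'
$Definition  = '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}'

# Install the preview module for the current user only if it is not already present
if (-not (Get-Module -ListAvailable -Name AzureADPreview)) {
    Install-Module -Name AzureADPreview -Scope CurrentUser -Force
}
Import-Module AzureADPreview

# Interactive sign-in; the account used must hold a role that may manage tenant policies
Connect-AzureAD | Out-Null

# Look for an existing policy of this type before creating a duplicate
$existing = Get-AzureADPolicy | Where-Object { $_.Type -eq $PolicyType }

if (-not $existing) {
    $policy = New-AzureADPolicy -Type $PolicyType -Definition $Definition `
        -IsOrganizationDefault $true -DisplayName $DisplayName
    Write-Host "Created policy $($policy.Id)"
}
else {
    # Policy exists: make sure it is enabled and is the organization default, update otherwise
    $current = $existing.Definition | ConvertFrom-Json
    if (-not $current.AuthenticatorAppSignInPolicy.Enabled -or -not $existing.IsOrganizationDefault) {
        Set-AzureADPolicy -Id $existing.Id -Definition $Definition -IsOrganizationDefault $true
        Write-Host "Updated policy $($existing.Id)"
    }
    else {
        Write-Host "Policy $($existing.Id) already enabled"
    }
}

# Verify: show the effective state (equivalent to the Get-AzureADPolicy check above)
Get-AzureADPolicy | Where-Object { $_.Type -eq $PolicyType } |
    Select-Object Id, DisplayName, Type, IsOrganizationDefault, Definition
```

Keep the output of the final Select-Object with your change record; the policy Id is what you need if the feature ever has to be switched off again with Set-AzureADPolicy and an "Enabled":false definition.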
Once you are done running the script, you just need to make a small change in the Authenticator app on your phone. Open the account and choose "Enable phone sign-in"; this will require that your user account
NOTE: Setting up this feature will not affect any other MFA setup that you might have. For instance, if you have an NPS server configured with Azure AD that uses some other form of authentication, such as MFA push notification, it will continue to do that.