Would have been helpful to show the Conditional Access policies too.
Thanks for sharing your knowledge.
LOVE 🤩 the Tasty Biryani 😁 SuperCool 😁 Luckily just found this video when trying to implement Passwordless + Passkeys with MS Authenticator (Preview) ... but it seems it does not work as expected because of the hybrid on-prem configuration. Possibly something for your future Tasty Biryani video arsenal ... 🤩🤩🤩 Keep up the good work 5*
Thank 😊 you for sharing this. However, how can we achieve this for a hybrid setup when the user has a workstation domain-joined to local AD and synced with Azure? Can we use the passwordless option as well?
What would be the scenario if in case the user password was expired, does he actually have to maintain it, especially that he didn’t use it for a long time after depending on this method?
Hello there. This approach is mostly for users in the cloud, but the same can be achieved in hybrid situations as well by enabling passwordless authentication methods like MS Authenticator and utilising Conditional Access policies for MFA etc. It is also better to enable location services for the Authenticator app for better visibility.
In hybrid scenarios, as AD is the source of truth, you can either reset the password in AD or you can use SSPR by enabling password writeback in AD Connect. This all depends on the licensing you have. Hope this makes sense. Cheers
@pa1089 can you explain a little bit about making users log in to their locally AD-joined PCs using passwordless?
@NawarALMallouhi I believe you can use PIN or facial recognition for this but the password needs to be updated when expired for application authentication etc.
"What would be the scenario if in case the user password was expired" -- set all passwords to never expire. That's been a security recommendation within Microsoft for over a year, I believe. It's based on people not creating secure passphrases when they have to change a password every 90 days... they just change 1 letter and wait 90 days again. If they make a more complex passphrase and it's never set to expire, it's actually safer. The only time you'd need to change it is if they somehow got themselves compromised.