Insights & Analyses

Microsoft embraces phone-based authentication, offering Office 365 users the ability to eliminate passwords – One World Identity

September 24, 2018

Microsoft is adding password-less support to its Azure Active Directory applications, including Office 365, allowing users to instead authenticate their identity with their smartphone and an app.

Password-less support in Azure AD leverages the Microsoft Authenticator app, available for both iOS and Android, which authorizes the user based on biometric authentication or a custom PIN number. By implementing password-less logins to Azure AD, the functionality will apply to hundreds of thousands of apps that use the company’s directory.

In a press release announcing the password-free initiative, Microsoft noted that nearly all data breaches are the result of a compromised password. Declaring “an end to the era of passwords,” the Redmond, Wash., software giant says it is at the forefront of helping enterprises eliminate passwords.

The changes build upon previous moves from Microsoft, after the company began offering a limited preview of password-less logins to Windows 10 with a FIDO2 security key earlier this year.

Monday’s announcement was part of the Ignite 2018 event in Orlando, where Microsoft also announced its new Threat Protection product, an end-to-end solution that can help protect, detect and remediate cyberthreats. The new service leverages both artificial intelligence and human research to speed up investigations to eliminate threats faster.

Microsoft also took the wraps off of a public preview of Azure confidential computing, making Azure the first cloud service to provide a platform for protecting the confidentiality and integrity of data in use.

Finally, Microsoft also unveiled a partnership with Adobe and SAP dubbed the Open Data Initiative, aiming to eliminate data silos and create a single view of customers, helping customers better govern data and support privacy and security initiatives. Together, they will offer mutual customers a common approach and set of resources based on three guiding principals:

  • Every organization owns and maintains complete, direct control of all their data.
  • Customers can enable AI-driven business processes to derive insights and intelligence from unified behavioral and operational data
  • A broad partner ecosystem should be able to easily leverage an open and extensible data model to extend the solution.

OWI Insight: Microsoft carries considerable clout in the software space, and its move to offer password-less logins for hundreds of thousands of apps will go a long way in helping to eliminate traditional logins. App-based two-factor authentication is a proven security method, far more reliable than traditional passwords. By leveraging biometric authentication, such as fingerprint or face scan, already built into a smartphone, these changes could also be embraced by consumers, enabling access to services with less friction.