Windows 11 passwordless experience expands for organizations


  • Staff
The future is passwordless. Microsoft has an ongoing commitment with other industry leaders to enable a world without passwords. Today, we are excited to announce an improved Windows passwordless experience to organizations starting with the September 2023 update for Windows 11, version 22H2.

Passwords are inherently insecure, inconvenient, and a prime target for attacks. In 2022, Microsoft tracked 1,287 password attacks every second. In the last 12 months, we saw an average of more than 4,000 password attacks per second[1].

Microsoft paved the way for Microsoft Accounts (MSA) in the consumer space with fully passwordless accounts so you no longer need a password in the MSA identity directory. We are now laying the groundwork for more passwordless phish-resistant credentials for commercial organizations.

Phish-resistant credentials like Windows Hello for Business or FIDO2 security keys are both passwordless solutions and can protect user identities by removing the need to use passwords from day one. Commercial organizations can now set the EnablePasswordlessExperience MDM policy from Intune or another MDM to enable a fully passwordless user experience on Microsoft Entra ID joined machines.

Once the policy is set, it removes passwords from the user experience, both for device sign-in as well as in-session auth scenarios like password managers in a web browser, “Run as” admin scenarios, and User Account Control (UAC). Users will need to use Windows Hello for authentication in place of a password. If the user fails to sign in, recovery mechanisms such as PIN reset or Web sign-in can be used to help the user recover their credentials without IT helpdesk engagement.

Enable a Windows passwordless experience with Intune:​

To configure devices using Microsoft Intune, create a Settings catalog policy and use the following settings:
  • Category: Authentication
  • Setting name: Enable Passwordless Experience
  • Value: Enabled
large


Alternatively, you can configure devices using a custom policy with the Policy CSP.
  • OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Authentication/EnablePasswordlessExperience
  • Data type: int
  • Value: 1

Lock screen experience​

When the EnablePasswordlessExperience is turned on, the user will not see a password option on the Windows lock screen.

thumbnail image 2 captioned Windows lock screen with the passwordless experience turned off. The sign-in options displayed include password, security key, pin, Windows Hello, and fingerprint.


Windows lock screen with the passwordless experience turned off. The sign-in options displayed include password, security key, pin, Windows Hello, and fingerprint.

thumbnail image 3 captioned Screenshot of the Windows lock screen with the passwordless experience turned on. The sign-in options displayed include security key, pin, Windows Hello, and fingerprint.


Screenshot of the Windows lock screen with the passwordless experience turned on. The sign-in options displayed include security key, pin, Windows Hello, and fingerprint.

A password option will also not be visible on the Accounts settings under Sign-in options.

thumbnail image 4 captioned Screenshot of the Sign-in options available for a Windows user named Amanda Brady. Facial recognition, fingerprint recognition, PIN, and security key are shown. The password option is hidden.


Screenshot of the Sign-in options available for a Windows user named Amanda Brady. Facial recognition, fingerprint recognition, PIN, and security key are shown. The password option is hidden.

We are also pleased to share that we released a new web sign-in experience with the September 2023 update for Windows 11, version 22H2. The new experience is more secure, reliable, and performant—and is now available for all Microsoft Entra ID authentication methods. For more information, see Web sign-in for Windows.

This will help organizations and users gradually move away from passwords in the future. Ready to explore this new Windows passwordless experience? Have more questions? See our documentation on the Windows passwordless experience on Microsoft Learn.

To provide feedback on the Windows passwordless experience, open Feedback Hub and use the category Security and Privacy > Passwordless experience.
Click to expand...

Source:
techcommunity.microsoft.com

Windows passwordless experience expands

Explore the improved Windows passwordless experience to organizations now available for Windows 11, version 22H2.
techcommunity.microsoft.com

See also:
www.elevenforum.com

Enable or Disable Passwordless Sign-in for Microsoft Accounts in Windows 11 Tutorial

This tutorial will show you how to turn on or off only allow Windows Hello sign-in for Microsoft accounts for passwordless sign-in on your Windows 11 device. You can keep your device even more secure by removing passwords when signing in to Windows 11 with Microsoft accounts on your device. All...
www.elevenforum.com www.elevenforum.com
 

Attachments

  • Password.png
    Password.png
    6.8 KB · Views: 0
Click to expand...
You must log in or register to reply here.

Similar threads

  • Article
New Microsoft Authenticator app version for Android and iOS - March 6
Replies
2
Views
817
BagOBolts
B
  • Article
You can now easily sign-in to all Microsoft accounts using Outlook Andriod app
Replies
0
Views
606
Brink
Brink
  • Article
New Microsoft Authenticator app version for Android - Feb. 14
Replies
0
Views
397
Brink
Brink
  • Article
Inclusive and productive Windows 11 experiences for everyone
Replies
0
Views
557
Brink
Brink
  • Article
New Microsoft Authenticator app version for Android and iOS - Feb. 5
Replies
5
Views
645
antspants
antspants

Latest Support Threads

Latest Tutorials

Back
Top Bottom