As you know, for the past few years, Microsoft has been working to remove the need for passwords to access Microsoft Cloud services through Azure Active Directory – also known as passwordless.
Well, there was still a problem, as the end user needed to know their password at some point.
This is now addressed by the Temporary Access Pass, a one-time passcode that lets end users set up their security keys and/or Microsoft Authenticator without ever needing to know the password.
To start using it, connect to your Azure AD portal (https://aad.portal.azure.com/) and access the Azure Active Directory\Security\Authentication Methods\Policies blade to enable the Temporary Access Pass method.
When enabling the Temporary Access Pass, you can define the lifetime of the one-time passcode – defaults are set as below:
- Minimum: 1 hour
- Maximum: 8 hours
- OneTime: no
- Length: 8 characters
Of course, it is recommended to set OneTime to enabled as a best practice; as this is a preview capability, I assume feedback will be given to get it enabled by default (you can give feedback here: https://feedback.azure.com/forums/169401-azure-active-directory?category_id=368362).
Then you can access the end user's details blade to get the Temporary Access Pass code; you will have to switch to the new user authentication experience. You will see a purple banner if you have not yet switched, and you can go back to the current experience at any time using the blue banner link.
Then you can add a new authentication method and select Temporary Access Pass.
Then define the one-time passcode settings for the user: delayed activation (this can be useful for new joiners) and duration.
Now you can get the one-time passcode and share it with the end user (I did not remove the Temporary Access code on purpose) and instruct them to log on to https://aka.ms/mysecurityinfo to register their authentication methods (security keys and/or Microsoft Authenticator).
When the user logs on, they will be asked for the password (which is unknown), with the option to use the one-time passcode instead.
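The same portal steps can be scripted, which makes it easy to check that the one-time setting is really enforced. The following is an added example, not part of the original post: it assumes the Microsoft.Graph.Authentication PowerShell module and the Microsoft Graph v1.0 endpoints for this method, and the user name is a hypothetical placeholder.

```powershell
# Added example. Assumptions: Microsoft.Graph.Authentication module installed,
# Graph v1.0 endpoints, and a hypothetical placeholder user.
$UserId    = 'new.joiner@contoso.example'   # placeholder, replace with a real UPN
$PolicyUri = 'https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/' +
             'authenticationMethodConfigurations/TemporaryAccessPass'

Connect-MgGraph -Scopes 'Policy.ReadWrite.AuthenticationMethod',
                        'UserAuthenticationMethod.ReadWrite.All'

# 1. Enable the method with the lifetimes and length listed above,
#    but with one-time use switched on instead of the default "no".
$policy = @{
    '@odata.type'            = '#microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration'
    state                    = 'enabled'
    minimumLifetimeInMinutes = 60     # 1 hour
    maximumLifetimeInMinutes = 480    # 8 hours
    defaultLength            = 8
    isUsableOnce             = $true
}
Invoke-MgGraphRequest -Method PATCH -Uri $PolicyUri `
    -Body ($policy | ConvertTo-Json) -ContentType 'application/json'

# 2. Read the policy back and stop if one-time use did not take effect.
$current = Invoke-MgGraphRequest -Method GET -Uri $PolicyUri
if ($current.state -ne 'enabled' -or -not $current.isUsableOnce) {
    throw 'Temporary Access Pass policy is not enabled with one-time use.'
}

# 3. Issue a pass for the user with delayed activation (starts tomorrow, valid 1 hour).
$request = @{
    startDateTime     = (Get-Date).ToUniversalTime().AddDays(1).ToString('o')
    lifetimeInMinutes = 60
    isUsableOnce      = $true
}
$tap = Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/users/$UserId/authentication/temporaryAccessPassMethods" `
    -Body ($request | ConvertTo-Json) -ContentType 'application/json'

# The passcode is returned only in this creation response; hand it to the
# user over a trusted channel and do not write it to logs or transcripts.
$tap.temporaryAccessPass
```

The lifetime requested in step 3 must fall between the policy's minimum and maximum, otherwise the request is rejected.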