Azure AD – You can now use Microsoft Authenticator code matching for authentication (preview)

Another step to a passwordless world.

As you know, you can sign in without a password using a FIDO key or Windows Hello.

Well, you can now also use the one-time code from your Microsoft Authenticator app.

First, enable this new feature by logging on to your Azure AD portal and opening the Azure Active Directory\Security\Authentication Methods\Policies blade to edit the Microsoft Authenticator authentication method.


Then select Yes to enable the Number matching required option.

Don’t forget to hit Save after turning the option on.


If not already done, instruct your users to register for Azure MFA and ensure they register for passwordless authentication (see – just the user part, skip the policy configuration at the beginning).

Once done, your users can now use the code from the Microsoft Authenticator app to sign in by hitting the number shown during the authentication process.