SSPR, MFA, and Passwordless Authentication in Azure AD

In this lecture, the focus is on Azure Active Directory (Azure AD) Authentication and its role in enhancing the end-user experience. Various facets of Azure AD authentication will be discussed, including self-service password reset, multi-factor authentication, password protection, and passwordless authentication.

You will explore how Azure AD authenticates credentials when users sign in to devices, services, or applications. It’s highlighted that authentication goes beyond usernames and passwords, integrating components to facilitate both the help desk and the users.

The self-service password reset feature of Azure AD is described, which allows users to change or reset passwords and unlock their accounts from any device using a web browser. The importance and function of multi-factor authentication are explained, emphasizing the need for a second form of verification beyond the password, like a phone call, SMS, or app notification.

Passwordless authentication is introduced, exemplified by the Windows Hello Service, enabling users to log in without a password. This reduces help desk calls for password issues. The specifics of how a user can reset their password through Azure AD’s password reset portal are described, along with the necessary steps and verifications involved.

The lecture covers the principles of multi-factor authentication in more detail, focusing on the requirement for users to provide evidence of their identity through a combination of knowledge (something they know like a password), possession (something they have like a smartphone or hardware key), and inherence (something they are like biometrics). It is noted that users can register themselves for both self-service password reset and multi-factor authentication.

The topic of password protection in Azure AD is then addressed. Azure AD’s global banned password list, which prevents the use of weak passwords, is mentioned, along with the capability to create custom password protection policies for further security enhancements. These policies can be integrated with an on-premises Active Directory environment to ensure strong passwords across both cloud and on-premises resources.

Finally, the lecture delves into passwordless authentication methods. Such methods allow users to sign in without a password, using biometrics, Windows Hello for Business, or a FIDO2 security key. Azure AD’s support for native passwordless authentication methods is said to simplify user sign-in processes and reduce security risks.