Microsoft kicks off public preview of Azure AD password muffler

The latest phase of Microsoft’s war on passwords is the new public preview of support for security keys in its Azure Active Directory (Azure AD) enterprise identity management system.  

The new phase means that organizations with Azure AD can let users sign in to Microsoft and business apps using a FIDO2 security key instead of a password.

Microsoft is careful to call it “passwordless” sign-in because it doesn’t actually replace passwords: it offers another way of authenticating that keeps passwords in the mix but demotes their usage.

Microsoft’s white paper on “password-less protection” describes it as “password alternatives”.   

“This type of authentication requires two or more verification factors to sign in that are secured with a cryptographic key pair. The device creates a public and private key when registered. The private key can only be unlocked using a local gesture such as a biometric or PIN. Users have the option to either sign in directly via biometric recognition—such as fingerprint scan, facial recognition, or iris scan—or with a PIN that’s locked and secured on the device.”