Introduction:
In this article we will be answering some frequently asked questions regarding Passwordless MFA for Technicians.
FAQs
1. How does this work if I already have the Microsoft Authenticator app or a Microsoft tenant with Conditional Access Policies?
If your Microsoft tenant has Conditional Access Policies enforcing MFA with methods like SMS, email, or the MS Authenticator, you are already partially set up. The M365 account we create with our Just-In-Time Accounts and Passwordless MFA for Technicians feature will use the MFA method that's configured at the tenant.
To use passwordless authentication with M365 JIT accounts:
1. Download the free Microsoft Authenticator app.
2. Log in once with the CyberQP JIT account username and password on a browser-based Microsoft sign-in screen (e.g., https://portal.azure.com).
3. Open your Microsoft Authenticator app and register the JIT account in it.
If the tenant's Conditional Access doesn't use MS Authenticator for MFA, you can use whatever method is set up (e.g., SMS to a phone, email, or an OTP stored in a hardware token solution). This is actually a bonus for tenants that don't use mobile phones, like defence companies, military, correctional institutes, etc.
As a side note, Microsoft is moving to enforce MFA for all tenants by adding a Conditional Access Policy in the near future. Please see "Microsoft Azure Will Require Mandatory MFA Starting July".
CyberQP has designed its JIT Accounts system anticipating a change similar to this. This means you won't need to update or create MFA policies for every Microsoft tenant integrated with CyberQP.
We recognize the need to view the M365 password in our QTech mobile app for the initial setup of your MS Authenticator, and an enhancement to reveal this password will be added soon. In the meantime, you can fetch this password from the dashboard.
2. I'm already using Duo interactive logins (Windows Logon and RDP) on a system. Will there be any conflicts using your Passwordless MFA for Technicians solution?
When you install Duo, other logon credential providers are disabled and hidden (your end users may refer to these as the "logon tiles" on their Windows sign-in screen). This also hides the "Technician Sign-In" tile used for our Passwordless MFA for Technicians solution.
Please see our KB article "Enabling the CyberQP Credential Provider while using Duo" to allow our "Technician Sign-In" tile, so that you can use the Passwordless MFA for Technicians solution while Duo is still running on the same machine.