🛡️ Microsoft Entra ID Passwordless Authentication Methods are used🟢⚪
- Contextual name: 🛡️ Passwordless Authentication Methods are used🟢⚪
- ID:
/ce/ca/azure/microsoft-entra-id/passwordless-authentication-methods - Tags:
- Policy Type:
COMPLIANCE_POLICY - Policy Categories:
SECURITY
Description
Description
Passwordless authentication methods improve security and user experience by replacing passwords with something you have (e.g., a hardware key), something you are (biometrics), or something you know, offering a convenient and secure way to access resources.
Microsoft Entra ID and Azure Government integrate the following passwordless authentication options:
- Windows Hello for Business
- Platform Credential for macOS
- Platform single sign-on (PSSO) for macOS with smart card authentication
- Microsoft Authenticator
- Passkeys (FIDO2)
- Certificate-based authentication
Rationale
Using passwordless authentication makes sign-in easier and more secure by removing passwords, helping to protect organizations from attacks and improving the user experience.
Impact
Implementing passwordless authentication requires administrative effort and may incur costs for some methods. It has the potential to save time and money by improving user convenience and productivity and by reducing the need for password support.
Audit
... see more
Remediation
Remediation
- Review the passwordless authentication method options: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-passwordless.
- Choose a passwordless authentication method: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-passwordless#choose-a-passwordless-method.
- Implement the chosen passwordless authentication method.
policy.yaml
Linked Framework Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CIS Azure v5.0.0 → 💼 5.28 Ensure passwordless authentication methods are considered (Manual) | 1 | no data | |||
| 💼 Cloudaware Framework → 💼 Secure Access | 67 | no data |