Microsoft Entra ID Passwordless Authentication
Microsoft Entra ID passwordless authentication allows or requires users to authenticate directly using Kerberos against their Microsoft Entra ID for Windows login, applications, and browser sign-ins. This approach facilitates the adoption of phishing-resistant authentication and enables users to sign in securely via Kerberos using their Public Key Infrastructure (PKI).
Great user experience
- Users requiring Kerberos-based authentication can now authenticate directly against Microsoft Entra ID, eliminating the need for investment in federated AD FS.
- The portal UI allows users to easily configure the mapping of Kerberos fields to user object attributes for tenant user lookup (Kerberos username bindings).
- The portal UI also enables the configuration of authentication policies to distinguish between single-factor and multifactor Kerberos authentication.
Easy to deploy and administer
- Microsoft Entra ID Kerberos is available as a free feature, requiring no paid editions of Microsoft Entra ID.
- It eliminates the need for complex on-premises deployments or network configurations.
- Users can directly authenticate against Microsoft Entra ID, simplifying the authentication process.
Secure
- Passwords are never stored in the cloud in any form.
- Enhances user account security by integrating seamlessly with Microsoft Entra Conditional Access policies, including blocking legacy authentication.
- Supports strong authentication by allowing users to define authentication policies through certificate fields, such as the issuer or policy OID (object identifier), to distinguish between single-factor and multifactor certificates.
Read how to join your machine to Microsoft Entra ID: HOW TO JOIN A WINDOWS MACHINE TO A MICROSOFT ENTRA ID DOMAIN