You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/authentication/concept-authentication-methods.md
+15-14Lines changed: 15 additions & 14 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,27 +1,34 @@
1
1
---
2
-
title: Authentication methods - Azure Active Directory
3
-
description: Authentication methods available in Azure AD for MFA and SSPR
2
+
title: Authentication methods and features - Azure Active Directory
3
+
description: Learn about the different authentication methods and features available in Azure Active Directory to help improve and secure sign-in events
4
4
5
5
services: active-directory
6
6
ms.service: active-directory
7
7
ms.subservice: authentication
8
8
ms.topic: conceptual
9
-
ms.date: 03/09/2020
9
+
ms.date: 05/04/2020
10
10
11
11
ms.author: iainfou
12
12
author: iainfoulds
13
13
manager: daveba
14
-
ms.reviewer: sahenry, michmcla
15
14
16
15
ms.collection: M365-identity-device-management
16
+
ms.custom: contperfq4
17
+
18
+
# Customer intent: As an identity administrator, I want to understand what authentication options are available in Azure AD and how or why I can use them to improve and secure user sign-in events.
17
19
---
18
-
# What are authentication methods?
20
+
# What authentication methods and features are available in Azure Active Directory?
21
+
22
+
As part of the sign-in experience for accounts in Azure Active Directory (Azure AD), there are different ways that a user can authenticate themselves. A username and password is the most common way a user would historically provide credentials. With modern authentication and security features in Azure AD, that basic password can be supplemented or replaced with additional authentication methods.
19
23
20
-
As an administrator, choosing authentication methods for Azure Multi-Factor Authentication and self-service password reset (SSPR) it is recommended that you require users to register multiple authentication methods. When an authentication method is not available for a user, they can choose to authenticate with another method.
24
+
A user could choose to authenticate using one of the following authentication methods:
21
25
22
-
Administrators can define in policy which authentication methods are available to users of SSPR and MFA. Some authentication methods may not be available to all features. For more information about configuring your policies see the articles [How to successfully roll out self-service password reset](howto-sspr-deployment.md) and [Planning a cloud-based Azure Multi-Factor Authentication](howto-mfa-getstarted.md)
26
+
* Traditional username and password
27
+
* Microsoft Authenticator App passwordless sign-in
28
+
* OATH hardware token, such as FIDO2 security key
29
+
* SMS-based passwordless sign-in
23
30
24
-
Microsoft highly recommends Administrators enable users to select more than the minimum required number of authentication methods in case they do not have access to one.
31
+
Many accounts in Azure AD are enabled for self-service password reset (SSPR) or Azure Multi-Factor Authentication. These features include additional authentication methods such as voice call or security questions. It's recommended that you require users to register multiple authentication methods. When an authentication method isn't available for a user, they can choose to authenticate with another method. The following table outlines what authentication methods are available for the different scenarios:
25
32
26
33
|Authentication Method|Usage|
27
34
| --- | --- |
@@ -36,11 +43,6 @@ Microsoft highly recommends Administrators enable users to select more than the
36
43
37
44
38
45
39
-
||
40
-
| --- |
41
-
| OATH Hardware tokens for MFA and SSPR are public preview features of Azure Active Directory. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/)|
42
-
||
43
-
44
46
## Password
45
47
46
48
Your Azure AD password is considered an authentication method. It is the one method that **cannot be disabled**.
@@ -53,7 +55,6 @@ If you use security questions, we recommend using them in conjunction with anoth
53
55
54
56
> [!NOTE]
55
57
> Security questions are stored privately and securely on a user object in the directory and can only be answered by users during registration. There is no way for an administrator to read or modify a user's questions or answers.
0 commit comments