We all have more passwords than we can count — or remember. Unless you have just one, in which case, please get yourself a few more. But passwords alone are far from the ideal way of keeping our accounts safe. That’s why most enterprises now bet on two-factor authentication to keep their networks secure. Microsoft, however, wants to join the ranks of those who are doing away with passwords altogether.
As the company today announced at its Ignite conference, it’ll now support password-less logins via its Microsoft Authenticator app for hundreds of thousands of Azure Active Directory-connected apps. “No company lets enterprises eliminate more passwords than Microsoft,” the company proudly writes in its announcement today.
The company has written about this in the past and with Windows Hello, it’s already offering a version of this for Windows 10 users. For Azure Active Directory, the Windows Authenticator app essentially replicates the functionality of Windows Hello and it lets users use their fingerprint, face or PIN to log in to their enterprise applications. The overall idea here is that you are still providing two factors of authentication: something you own (your phone) and something you have (your fingerprint or face).
Here is what that looks like for personal accounts. The process for enterprise accounts is quite similar.
For enterprise users, Microsoft also made a number of additional security announcements at Ignite. The first of those is the launch of Microsoft Secure Score, the evolution of Office 365 Secure Score. This service provides organizations with a report card for their security posture, allowing them to quickly assess where they need to make changes. Those changes could be turning on multi-factor authentication or turning off email forwarding.
Building on this theme, Microsoft is also launching Microsoft Threat Protection today, a new solution for Microsoft 365 subscribers. Since Microsoft 365 combines a range of services that span both online and offline, the company can now offer security solutions that do the same. Threat Protections looks at email accounts, PCs, documents and a user’s infrastructure to detect and mitigate attacks.
“Cybersecurity is the central challenge of the digital age,” writes Microsoft’s corporate VP for security Rob Lefferts, today. “Without it, the most basic human rights like privacy cannot exist. Every day organizations take precious time and resources away from their core business mission to defend against and recover from cyber attacks. They operate dozens of complex disconnected tools, yet the gaps between those tools remain and threats get through. Their security teams struggle to keep up and skilled expertise is scarce.”