none
passwordless logon to MSA not possible when co-used with work account RRS feed

  • Question

  • not sure if 'it's not a bug it's a feature' case so please can anyone confirm below. 

    i'm using my private device (Android 8) for accessing company data (BYOD). i've added couple accounts to authenticator:

    • GA account with @onmicrosoft.com (cloud account)
    • regular company account (synced from AD @company.com)
    • two personal MSA accounts

    my understanding is that passwordless option is available only for MSA accounts and in preview for AAD. neither option is working for me:

    • MSA account do not give an option to 'use phone for authentication'. it simply do not exist on my Authenticator
    • GA account can not use passwordless as it requires device enrollment in AAD. [ZONG!SIC! O_o ]
    • work account ... every time i launch Authenticator since the last upgrade i got the 'device is not registered' message. even though i was configuring it dozen times, with no error, it repeatedly shows the error. option available in Auth says: 'revert phone logon' [my translation, may be bit different in original]

    requirement for device enrollment i can like or not, but that i can understand. what i can't understand is, and be glad if anyone helps/clarifies:

    • why the heck i don't have this option for MSA accounts?
    • why it loops me during work account configuration? 
    • how can i verify if the option is/is not available to my tenant?

    thx!



    -o((: Leliv

    Wednesday, October 3, 2018 12:48 PM

All replies

  • We had to run some Powershell to turn it on in O365 while it is in Preview.

    Password less will only work with one account as it requires the device to be registered to the account that you wish to use for PW - less. I hope this gets updated in the future.

    https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-phone-sign-in

    Tuesday, October 9, 2018 10:37 PM