Secure authentication method provisioning with Temporary Access Pass


Last Updated on March 14, 2024 by Michael Morten Sonne

What is TAP? 

A Temporary Access Pass (TAP) is a time-limited passcode that allows users to register passwordless authentication methods and recover access to their account without needing a password. You can also use a TAP to set up Windows devices, whether your users are setting up their own devices directly, using Windows Autopilot, joining devices to Azure AD, or even setting up Windows Hello for Business.

Admin experience 

You can set up and configure TAP for your organization with the authentication methods policy. For example, you can limit TAP assignment to specific users and groups, limit the use for a short period, or set it for one-time use.  

Once the authentication method is enabled by policy, a privileged authentication administrator or an authentication administrator can create a TAP for the user, either from the user’s authentication methods blade or through an API. We’ve also added the ability for admins to override existing TAPs. If a user forgets or loses a TAP that was previously created, just follow the same process to add a TAP to the user’s account, and we’ll handle the deletion of the old one.

End user experience

Once a user has a valid TAP, they can use it to sign in and register security information: for example, to set up passwordless phone sign-in directly from the Authenticator app, to add a FIDO2 key from the My Security Info page, or even to set up Windows Hello for Business on Azure AD Joined and Hybrid Azure AD Joined machines. In scenarios where MFA is required, TAP can also be used as an additional factor.

Learn more 

You can learn how to configure TAP in the documentation.

New employee onboarding experiences can vary for every organization. TAP is available through the Microsoft Graph APIs, so you can incorporate it into your existing applications or your HR-driven provisioning process. The policy APIs let you configure TAP to suit your needs.
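As an added example (not code from the original post or from Microsoft), here is how an HR-driven provisioning job could issue a one-time, short-lived TAP through the Microsoft Graph `temporaryAccessPassMethods` endpoint. The helper names, the sample user, and the assumption that an access token for an identity allowed to manage authentication methods is obtained elsewhere are all illustrative.

```python
import json
import urllib.parse
import urllib.request
from datetime import datetime, timezone

GRAPH = "https://graph.microsoft.com/v1.0"
# Lifetime range Graph accepts for a TAP (10 minutes to 30 days); the tenant's
# TAP policy can narrow it, so pass the tenant's own bounds when they differ.
MIN_MINUTES, MAX_MINUTES = 10, 43200


def build_tap_request(user, start, lifetime_minutes=60, one_time=True,
                      min_minutes=MIN_MINUTES, max_minutes=MAX_MINUTES):
    """Return (url, body) for creating a TAP; raise ValueError before any call is made."""
    if start.tzinfo is None:
        raise ValueError("start must be timezone-aware")
    if not min_minutes <= lifetime_minutes <= max_minutes:
        raise ValueError(f"lifetime must be {min_minutes}-{max_minutes} minutes")
    # Guest UPNs contain '#', which must be percent-encoded in the path.
    url = (f"{GRAPH}/users/{urllib.parse.quote(user, safe='@')}"
           "/authentication/temporaryAccessPassMethods")
    body = {
        "startDateTime": start.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "lifetimeInMinutes": lifetime_minutes,
        "isUsableOnce": one_time,  # default to one-time use
    }
    return url, body


def create_tap(access_token, user, start, **options):
    """POST the request; the response carries the passcode in 'temporaryAccessPass'."""
    url, body = build_tap_request(user, start, **options)
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read())


def redact_for_log(tap):
    """Copy of a TAP response that is safe to log: the passcode is masked."""
    return {**tap, "temporaryAccessPass": "<redacted>"}


if __name__ == "__main__":
    # Constructed sample: a new hire whose TAP becomes valid on their first morning.
    first_day = datetime(2024, 3, 18, 8, 0, tzinfo=timezone.utc)
    print(build_tap_request("new.hire@contoso.example", first_day, lifetime_minutes=120))
```

Deliver the returned passcode to the user over a separate trusted channel, and write only the redacted copy to provisioning logs.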
