20.12.2024 | TD SYNNEX
Lizenz: Adobe Stock
Windows 11 Web Sign-in is an innovative feature that allows users to sign in to their Windows device using something other than a password to authenticate themselves. Introduced with version 22H2, this Passwordless sign-in method uses the Microsoft Authenticator app. It is particularly useful in environments that require fast and secure logins , while eliminating the need to remember a complex password.
This article is a continuation of the article written previously and dedicated to the implementation of Passwordless on Microsoft 365 accounts. Here is a direct link to the latter.
It is indeed possible to have methods used as the main method, while others will only be accepted within the framework of MFA, as Microsoft rightly points out:
Some authentication methods can be used as a primary factor when you sign in to an app or device, such as using a FIDO2 security key or password. Other authentication methods are available only as a secondary factor when you use Microsoft Entra multi-factor authentication or SSPR.
Here is a table detailing the different accepted methods with their scope
| Method | Primary Authentication | Secondary Authentication |
|---|---|---|
| Windows Hello for Business | Yes | MFA |
| Microsoft Authenticator Push Notification | No | Multi-factor authentication and self-service password reset |
| Microsoft Authenticator without password | Yes | NEIN |
| Access key in Microsoft Authenticator (preview) | Yes | Multi-factor authentication and self-service password reset |
| Authenticator Lite | No | MFA |
| Access key (FIDO2) | Yes | MFA |
| Certificate authentication | Yes | MFA |
| OATH Hardware Tokens (preview) | No | Multi-factor authentication and self-service password reset |
| OATH Software Tokens | No | Multi-factor authentication and self-service password reset |
| External Authentication Methods (preview) | No | MFA |
| Temporary Access Pass (TAP) | Yes | MFA |
| SMS | Yes | Multi-factor authentication and self-service password reset |
| Voice call | No | Multi-factor authentication and self-service password reset |
| Password | Yes | No |
Web Sign-in is therefore a main method of the Passwordless type. Several articles on this blog already talk about other Passwordless methods such as:
Here are some other very interesting links in English:
The answer is yes: You must have active internet connectivity because the Web Sign-in authentication will necessarily be done through the latter.
| Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education |
|---|---|---|---|
| Yes | Yes | Yes | Yes |
Starting with Windows 11, version 22H2 with KB5030310 , you can enable a Web Sign-in experience on Microsoft Entra joined devices. This feature is called Web Sign-in and unlocks new sign-in options and features.
In a blog post on jlou.eu by Jean-Loup Orgitello, you will find detailed instructions on how to set up and test authentication for web logon on a Windows 11 workstation using the passwordless Microsoft Authenticator application. Click on the link to leave the TD SYNNEX blog.
TD SYNNEX
License Desk Team
software.ch@tdsynnex.com
All articles by the author