SmoothRunnings discusses Microsoft’s move toward passwordless sign-on and the potential changes for MFA in hybrid scenarios, featuring community input on Cloud Kerberos Trust and the continuity of the Authenticator app.

Passwordless Sign-On and MFA in Microsoft Hybrid Environments

A community member raises questions about Microsoft shifting away from passwords toward passwordless sign-on, specifically regarding:

  • Applicability in hybrid organizations (with both on-premises and cloud resources)
  • Uncertainty about the future of the Microsoft Authenticator app and alternatives for passkeys

Key Discussion Points:

  • Passwordless authentication is feasible and encouraged by Microsoft, but hybrid scenarios raise challenges for seamless sign-on, particularly where local resources are involved.
  • The conversation highlights ‘Cloud Kerberos Trust’ as a way to authenticate hybrid users against the cloud while retaining access to on-premises resources. The discussion ties this setup to the presence of a computer account called AZUREADSSOACC in Active Directory, which indicates that Azure AD SSO is configured.
  • Contributors address misinformation about the discontinuation of the Microsoft Authenticator app. They express skepticism about the rumored retirement and emphasize that authentication options remain robust.

Relevant Topics:

  • Microsoft’s evolving authentication strategy (passwordless, passkeys)
  • Hybrid identity and secure access across cloud/on-prem
  • Kerberos Trust bridges between local AD and Azure
  • Best practices for MFA in Microsoft ecosystems

References:

This post appeared first on “Reddit Microsoft”.