Passwordless Authentication for Microsoft 365

Summary

Passkey/Passwordless authentication for Microsoft 365 (M365) is a modern security approach that eliminates the need for traditional passwords, reducing the risk of breaches and improving user experience. 

Information Applies to

Faculty, Staff, Current Students, New Students

What It Is

Passwordless authentication uses secure methods like:

• Passkeys: Based on public/private key cryptography. The private key stays on your device and is unlocked via biometrics or a PIN, while the public key is registered with M365.
• Microsoft Authenticator App: Allows users to sign in by tapping a number shown on the screen—no password required.
• FIDO2 Security Keys: Physical keys ideal for shared devices or frontline workers.
• Windows Hello: Uses facial recognition or fingerprint to authenticate users.

Why It Matters

• Security: Over 80% of cyberattacks begin with stolen or weak passwords. Passwordless methods are resistant to phishing and credential theft.
• User Experience: Passkey users report a 98% success rate in sign-ins, compared to just 32% with passwords.
• Scalability: Admins can roll out passwordless options across tenants using Microsoft Entra ID (formerly Azure AD), with Conditional Access policies to enforce strong authentication.

How to Enable It on your account?

Prerequisites:

1. Microsoft Authenticator app to authenticate for Microsoft on a smartphone.
2. Microsoft Authenticator notification must be the default sign method as your multi-factor authentication (MFA).
3. Smartphone must be password or passcode protected.

Setup the Microsoft Authenticator

Note: If you are already using the app to authenticate for Microsoft and it is your default sign method, continue to next section: Setup Passwordless sign in.

1. Browse to https://aka.ms/mysecurityinfo.
2. If you aren’t signed into Microsoft, you will need to log in with your StarID@minnstate.edu (employee) or StarID@go.minnstate.edu (student)
3. Sign in, then click Add method > Authenticator app > Add to add Microsoft Authenticator.
4. Follow the instructions to install and configure the Microsoft Authenticator app on your device. The website walks you through this very well or you can use the knowledgebase articles below. 
   • Set up Microsoft Authenticator App - Android Device
   • Set up Microsoft Authenticator App - Apple/iOS Devices
5. Select Done to complete Authenticator configuration.
6. If you need to change your default sign-in method, select Change and choose App based authentication - notification. 

Setup Passwordless Sign In

1. In Microsoft Authenticator on your phone, choose your Minnesota State account (your StarID@minnstate.edu (employee) or StarID@go.minnstate.edu (student) will be listed).

2. Choose Setup passwordless sign-in requests under "Other Ways To Sign In" for the account registered.

3. Choose Continue at the "Sign-in with your phone" screen.

4. A verify your identity screen will appear with a two digit code. A few seconds later, you will see a pop-up to enter your two digit code and choose yes. Do both to continue. 

4. After authenticating, a "Help us keep your device secure," choose the Register button to register your device. 

Sign into your account online

1. Access your Microsoft 365 account by going to Microsoft online portal. (You may need to go into a web browser that you don't normally use or use an incognito/private browsing window so you can sign in)

To find this page from the Winona State webpage:

• In the top menu bar, select Info For tab and choose your group (Faculty & Staff, Current Students, etc.)
• Under the Resources list, select Office 365 & Email.

2. Sign in with your account with your StarID@minnstate.edu (employee) or StarID@go.minnstate.edu (student).
3. Instead of typing your password, choose Use an app instead.

4. Approve the sign in, by opening your Authenticator app, and entering the number shown on your sign in.

5. Select Approve sign in? from your phone. Type the number from step 4 and select Yes. 

6. Depending on what computer you are on (personal or private). Select the option that best fits your situation.

7. The next time you log in, it will not ask for your password. You will only have to approve your sign in with your authenticator app. 

Learn More

Need additional information or assistance? Contact WSU Tech Support by email or call 507.457.5240, option 1.

Need additional information or assistance? Contact WSU TLT by email, phone (507.457.5240, option 3), or Zoom.

Need additional information or assistance? Visit the Digital Learning Commons in Library 105.