Microsoft has declared the "end of the password era" by bringing its Authenticator sign-in app to the enterprise with support for the Azure Active Directory (AD) identity management service.
Microsoft is also looking to differentiate its cloud services with more security features, announcing a slew of new features that should improve security and make sign-in less of a pain for users.
Authenticator support for Azure AD means enterprise users will be able to use a smartphone with the Microsoft Authenticator app to login using a PIN, or a biometric, such as the face or fingerprint.
Microsoft announced the new Authenticator-based password-free support for Azure AD at its annual Ignite conference in Orlando, Florida.
The idea is that two-factor authentication via the app will make access to line-of-business apps that rely on Azure AD more secure since hackers are less likely to steal a phone than online passwords.
SEE: Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)
"Using a multi-factor sign-in method, you can reduce compromise by 99.9 percent, and you can make the user experience simpler by eliminating passwords," wrote Rob Lefferts, Microsoft corporate vice president of security.
"No company lets enterprises eliminate more passwords than Microsoft. Today, we are declaring an end to the era of passwords."
Microsoft products that use Azure AD for sign-in include Office 365, Azure, and Dynamics CRM Online, so users of these should be able to sign in with the app too.
Microsoft has also launched the Microsoft Secure Score, a kind of report card where Microsoft rates your organization's security posture based on Microsoft services used, such as SharePoint and Exchange, and how they've been configured.
It will also guide users through the process of setting up multi-factor authentication to secure admin accounts and turn off email-forwarding rules.
Secure Score now covers all Microsoft 365 services and can be used to assess hybrid cloud workloads in the Azure Security Center.
Alongside this launch, it's also unveiled Microsoft Threat Protection, a machine-learning assisted service for detecting and remediating threats in the Microsoft 365 admin console. It's aimed at automating manual tasks when investigating devices, email, documents, and infrastructure.
And Microsoft has announced a new DC series of virtual machines in Azure that deliver its promise of 'confidential computing' on public cloud infrastructure using Intel's SGX hardware on its Xeon chips to enable code to run in trusted execution environments.
The company has moved the Microsoft Information Protection SDK to general availability. The SDK lets third-party developers build apps that use Microsoft's sensitivity labels.
Also for developers, Microsoft has launched the Graph Security API in general availability. The interface allows other security vendors to tap into threat intelligence and security signals from Microsoft apps, such as Office 365, Azure Active Directory and Intune.
Previous and related coverage
Windows 10: We're going to kill off passwords and here's how, says Microsoft
Microsoft wants to banish 'inconvenient, insecure, and expensive' passwords. So what's going to replace them?
This Windows file may be secretly hoarding your passwords and emails
A little-known Windows feature will create a file that stores text extracted from all the emails and plaintext-files found on your PC, which sometimes may reveal passwords or private conversations.
Microsoft: This Azure password-banning tool will help kill off bad 'P@$$w0rd' habits
Admins can now significantly reduce the risk of accounts being compromised by password-spraying attacks.
How to go beyond passwords in Windows 10 TechRepublic
Web sign-in, FIDO 2, remote biometrics--Windows 10 is ready for better security than passwords offer.
How Microsoft spotted another Russian hacking attempt CNET
Also: How it all fits in with a larger campaign to influence elections.