Home › Azure AZ-900 › cloudcomputing › identitysecurity › Passwordless authentication on Microsoft Entra t…
Passwordless authentication on Microsoft Entra typically replaces the password with which combination of factors?
AJust a username — the platform skips authentication for trusted users
BTwo different passwords, each shorter than 8 characters
CJust an SMS one-time code with no other factor
DA device-bound credential (e.g. Windows Hello, FIDO2 security key, or Authenticator app) plus a biometric or PIN unlock
Answer & Solution
Correct answer: D. A device-bound credential (e.g. Windows Hello, FIDO2 security key, or Authenticator app) plus a biometric or PIN unlock
Passwordless on Entra uses a device-bound credential (asymmetric key in a TPM / FIDO2 key / Authenticator app) unlocked by a local gesture like biometric or PIN. SMS-only is single-factor and phishable; a username alone is no auth; two short passwords is still password-based.
Related questions
An administrator wants to grant a contractor read-only access to ONE specific resource groWhich Microsoft Entra capability adds a second authentication factor like an AuthenticatorMicrosoft Defender for Cloud is best described as:The defense-in-depth model recommends:The Zero Trust security model is based on which guiding principle?Microsoft Entra Domain Services differs from Microsoft Entra ID in that Domain Services:Microsoft Entra B2B (external identities) is designed to let an organisation:Azure role-based access control (RBAC) grants permissions by combining three things. Which