News

Microsoft Previews One-Time Passcodes in Azure AD B2B Service

Microsoft added a preview feature to its Azure Active Directory Business to Business (B2B) service that makes it easier for business partners to gain access to an organization's network resources.

The new "one-time passcodes" preview in the Azure AD B2B service, announced on Monday, works via a series of e-mail exchanges. An invitee gets an invitation containing a "Send Code" link from an organization. After the invitee clicks on that link, he or she will get a second e-mail containing a code for gaining network access, which can be used for up to 30 minutes, according to Microsoft's documentation.

Once the invitee gets authenticated, the session allowing guest access is only available to the invitee within a one-day timeframe. It's a security precaution built into the one-time passcodes feature, according to the announcement:

Each authentication session only lasts 24 hours, after which guests have to re-authenticate with a new email OTP. This means your guests have to prove they still have access to their work email inboxes and have not left the partner company every 24 hours.

Organizations can optionally add multifactor authentication requirements onto the one-time passcodes scheme, if wanted. Multifactor authentication is another scheme for verifying user identities, which typically happens via responses to a cell phone call or messaging service.

Microsoft's announcement depicted the one-time passcodes preview as permitting network resource sharing with "anyone in the world with an email account." There's one technical restriction to the scheme. Organizations must send a link that includes the organization's "tenant context" (or tenant ID) within the link, Microsoft's documentation explained.

One-time passcodes are deemed handy when Azure AD B2B invitees lack other authentication options -- such as an Azure AD account, a Microsoft account or a Google account -- to gain guest network access privileges. Microsoft has been gradually expanding the identity provider options that can be used with this service.

According to Microsoft's documentation, "when the guest user signs in, one-time passcode authentication will be the fallback method if no other authentication methods can be used."

While the one-time passcode feature is currently at the preview stage, Microsoft is planning to turn it on later for all organizations using this service.

"After preview, this feature will be turned on by default for all tenants," Microsoft's documentation bluntly stated, although no timeline was described.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

Featured

  • Vendors Issue Patches for Linux Container Runtime Flaw Enabling Host Attacks

    This week, the National Institute of Standards and Technology (NIST) described a high-risk security vulnerability (CVE-2019-5736) for organizations using containers that could lead to compromised host systems.

  • Windows 10 Version 1809 Users May Get Visual Studio Crashes

    Microsoft on Friday issued an advisory for Windows 10 version 1809 users about possible Visual Studio crashes.

  • Standardizing the Look of Outlook's Outbound Messages

    Microsoft typically gives users a blank canvas to compose new e-mails in Outlook. In some corporate environments, however, a blank canvas isn't a good thing.

  • Windows 10 'Semiannual Channel Targeted' Goes Away This Spring

    Microsoft plans to slightly alter its Windows servicing lingo and management behavior with its next Windows 10 operating system feature update release, coming this spring.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.