Microsoft Activating One-Time Passcode Feature in March for Azure Users

Microsoft is planning to turn on a one-time passcode (OTP) feature in March that will grant temporary network access to business collaborators for organizations that use the Azure Active Directory B2B (Business to Business) service.

The OTP feature, which works by sending a temporary password via e-mail, has reached the "general availability" or commercial-release stage, according to a Microsoft announcement this week. It's available to Azure AD B2B users but will get turned on in March for all existing and new tenancies, unless it's blocked beforehand, per Microsoft's documentation.

OTP for the Azure AD B2B service was at the preview stage almost two years ago, but it's now deemed ready for production-environment use. It's also a feature in the Microsoft Teams collaboration service, but it's still at preview stage for those users.

"Email OTP is also being rolled out worldwide in Microsoft Teams preview mode," the announcement indicated.

The OTP feature is there for cases when other guest authentication methods aren't being used. For instance, the invitee may lack an Azure AD account or a Microsoft account, or may not have "Google federation," Microsoft's documentation explained.

Under the OTP temporary authentication scheme, outside parties are invited to gain network access via an e-mail invitation, which contains a link. Clicking this link initiates the sending of a second e-mail, which contains a temporary password. The temporary password only can be used within 30 minutes of arrival as a security precaution.

Invited users are treated "like other B2B guests," so they are subject to any other policies set by an organization, the announcement explained. Consequently, it's possible to impose things like Conditional Access policies and multifactor authentication requirements on the invitees, if wanted.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Weird Blue Tunnel Graphic

    Microsoft Goes Deep on 'Solorigate' Secondary Attack Methods

    Microsoft on Wednesday published an analysis of the second-stage "Solorigate" attack methods used by an advanced persistent threat (APT) attack group.

  • Microsoft Talks Teams and SharePoint at Modern Workplace Event

    It's a hybrid world, but remote work is here to stay, according to Microsoft's Teams and SharePoint head Jeff Teper.

  • Malwarebytes Affirms Other APT Attack Methods Used Besides 'Solorigate'

    Security solutions company Malwarebytes affirmed on Monday that alternative methods besides tainted SolarWinds Orion software were used in the recent "Solorigate" advanced persistent threat (APT) attacks.

  • How To Fix the Hyper-V Read Only Disk Problem

    DOS might seem like a relic now, but sometimes it's the only way to fix a problem that Windows seems ill-equipped to deal with -- like this one.

comments powered by Disqus