<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	
	>
<channel>
	<title>
	Comments on: Onboarding a passwordless Azure AD user	</title>
	<atom:link href="https://inthecloud247.com/onboarding-a-passwordless-azure-ad-user/feed/" rel="self" type="application/rss+xml" />
	<link>https://inthecloud247.com/onboarding-a-passwordless-azure-ad-user/</link>
	<description>Intune, Windows, Office 365, Microsoft 365, Azure, Automation</description>
	<lastBuildDate>Tue, 13 Jan 2026 10:53:00 +0000</lastBuildDate>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	
	<item>
		<title>
		By: Artin		</title>
		<link>https://inthecloud247.com/onboarding-a-passwordless-azure-ad-user/#comment-260323</link>

		<dc:creator><![CDATA[Artin]]></dc:creator>
		<pubDate>Tue, 13 Jan 2026 10:53:00 +0000</pubDate>
		<guid isPermaLink="false">https://inthecloud247.com/?p=11017#comment-260323</guid>

					<description><![CDATA[I’m wondering if it would make sense to keep TAP in the custom Conditional Access policy you created and make that your default—and only—CA policy.
In other words, you would copy the passwordless authentication strength, add TAP to it, and rely on a single CA policy instead of two (one for onboarding and another for all your resources).

The whole idea is to work around the fact that TAP isn’t included in the passwordless MFA strengths.

What do you think?]]></description>
			<content:encoded><![CDATA[<p>I’m wondering if it would make sense to keep TAP in the custom Conditional Access policy you created and make that your default—and only—CA policy.<br />
In other words, you would copy the passwordless authentication strength, add TAP to it, and rely on a single CA policy instead of two (one for onboarding and another for all your resources).</p>
<p>The whole idea is to work around the fact that TAP isn’t included in the passwordless MFA strengths.</p>
<p>What do you think?</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Andrew		</title>
		<link>https://inthecloud247.com/onboarding-a-passwordless-azure-ad-user/#comment-200637</link>

		<dc:creator><![CDATA[Andrew]]></dc:creator>
		<pubDate>Tue, 16 May 2023 05:09:35 +0000</pubDate>
		<guid isPermaLink="false">https://inthecloud247.com/?p=11017#comment-200637</guid>

					<description><![CDATA[Great article ?]]></description>
			<content:encoded><![CDATA[<p>Great article ?</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Remco de Kievit		</title>
		<link>https://inthecloud247.com/onboarding-a-passwordless-azure-ad-user/#comment-199732</link>

		<dc:creator><![CDATA[Remco de Kievit]]></dc:creator>
		<pubDate>Fri, 05 May 2023 20:48:13 +0000</pubDate>
		<guid isPermaLink="false">https://inthecloud247.com/?p=11017#comment-199732</guid>

					<description><![CDATA[Hi Peter, great artikel on how you enroll a passwordless account. Did you take a look at the msgraph commands to change the MFA preferred usage ? If you don&#039;t use conditionele access you don&#039;t have to have a p1 license when you only registeerd a security key. I shouldn&#039;t enroll hfb, this is even harder for the user and don&#039;t support roaming users. If a security is already enrolled for the user before the autopilot is starten you never have to use the tap more than 1 time. This means that the user must be enrolled online before the have access to there endpoint device.]]></description>
			<content:encoded><![CDATA[<p>Hi Peter, great artikel on how you enroll a passwordless account. Did you take a look at the msgraph commands to change the MFA preferred usage ? If you don&#8217;t use conditionele access you don&#8217;t have to have a p1 license when you only registeerd a security key. I shouldn&#8217;t enroll hfb, this is even harder for the user and don&#8217;t support roaming users. If a security is already enrolled for the user before the autopilot is starten you never have to use the tap more than 1 time. This means that the user must be enrolled online before the have access to there endpoint device.</p>
]]></content:encoded>
		
			</item>
	</channel>
</rss>
