Cracking Entra ID

May 23, 2024


In Azure there are two distinct concerns: AuthN, which is authentication, and AuthZ, which is authorization. AuthN is about proving you are who you say you are. AuthZ is about granting authenticated parties permission to do something. This blog focuses on AuthN methods within Azure. Azure AD, now called Entra ID, provides a robust set of AuthN methods to ensure that only authorized users can access resources.

Traditional Username and Password

The most familiar AuthN method is the traditional username and password. Users enter their credentials (username and password) to sign in. While this method is widely used, it has its limitations. Passwords can be weak, reused, or compromised, leading to security risks. It’s essential to emphasize the importance of strong, unique passwords and regular password changes. Even so, this is the weakest of the AuthN methods.

SMS-Based Passwordless Sign-In

Entra ID offers SMS-based authentication. With this method, users receive a one-time code via SMS to verify their identity. It eliminates the need to remember passwords, making it convenient. However, relying solely on SMS can be risky because of SIM-swapping attacks or delays in receiving messages.

Microsoft Authenticator App

The Microsoft Authenticator app provides a secure and user-friendly alternative to passwords. Users install the app on their mobile devices and link it to their Entra ID account. When signing in, they receive a push notification on their phone, allowing them to approve or deny the login attempt. The app also supports time-based one-time passwords (TOTPs) for offline use. The Authenticator app strikes a balance between security and usability.

Windows Hello for Business

Windows Hello for Business takes passwordless authentication to the next level. It leverages biometric factors (such as facial recognition or fingerprint) or PINs for sign-in. This method offers the highest security while eliminating the need for passwords altogether. After all, the best password is no password! However, Windows Hello requires compatible hardware (such as a webcam or fingerprint reader).

Choosing the Right Method

Always consider the following factors when choosing an AuthN method:

  • Security: Windows Hello for Business provides the strongest security, followed by the Microsoft Authenticator app. SMS-based authentication is convenient but less secure.
  • Usability: The Microsoft Authenticator app strikes a good balance between security and ease of use. Users find it accessible and straightforward.
  • Availability: Ensure that the chosen method works across different devices and scenarios. For example, Windows Hello requires specific hardware, while the Authenticator app is versatile.

Remember that combining multiple AuthN methods enhances security. Entra ID supports multifactor authentication (MFA), where users provide additional verification beyond their primary method. Encourage users to explore these options and adopt best practices for a safer digital experience.


While Windows Hello is the safest choice, the Microsoft Authenticator app offers accessibility and ease of use. Choose wisely based on your organization’s needs and user preferences. For more information, visit the Microsoft Entra ID documentation. Stay secure, and happy authenticating!


Justin Tadros is a Project Manager and Data Analyst at The Training Boss. Justin has a bachelor’s degree in Theater Performance from Rollins College and is currently pursuing his Master’s in Business at the University of Central Florida. Justin is certified in Microsoft Power BI and holds a Progress Sitefinity Sales accreditation, with ongoing training in Python and CMS technologies. Justin performs in theaters in Orlando, Boston, and Alaska, and as a stand-up comic whenever the opportunity arises. His passion for performing and for bringing incredible customer service to any industry he approaches is second only to his commitment, dedication, and hard work.


