WHY US

What's Hyperconvergence?

Why Hyperconvergence?

Who's Virtual SAN?

What's Software-Defined Storage?

Why Software-Defined Storage?

Who's HCI Appliance?

What's All-Flash Exactly?

Why All-Flash Exactly?

Who's Virtual Tape Library?
HCI Appliance
Modern data center building block. A powerful, easy-to-use hyperconverged platform

Request a quote Request a quote

Virtual HCI Appliance
Exact set of software components powering our HCI appliance, pre-packaged and ready to install on your own hardware

Book a demo Book a demo

Virtual HCI Appliance Free
Self-supported, KVM-based version of StarWind Virtual HCI Appliance, available for free

Virtual SAN
“Software replaces hardware” for SAN, application that eliminates a requirement in a physical shared storage

Download Download

Virtual SAN Free
Experience all the essential features in a self-supported, free version of StarWind VSAN

VTL Appliance
Immutable, ransomware-proof backup and archive target

Virtual Tape Library
“Software replaces hardware” for tape libraries

Virtual Tape Library Free
All the essentials features of StarWind VTL, for free

NVMe-oF Initiator
High-performance NVMe over Fabrics initiator for Windows

NVMe-oF Initiator Free
Essential features of NVMe-oF Initiator, available at no cost

Backup Appliance
All-in-one choice to safeguard your mission-critical data.

Free tools

V2V Converter / P2V Converter

RDMA Performance Benchmark

Deduplication Analyzer

Tape Redirector

RAM Disk
Pricing

Our Vision

Licensing Models
Resources

Use Cases

Webinars

White Papers

Best Practices

Success Stories

Release Notes

Technical Papers
Blog
SUPPORT

Community Forums

FAQ

Knowledge Base

Product Lifecycle

StarWind VSAN Help

Product Security

StarWind V2V Help

System Requirements

Contact Support

If you encounter any challenges or technical issues with StarWind products, we encourage you to reach our Technical Support department.

Submit Ticket
Partners

OEM Solutions

Become a Reseller

Find a Reseller

VAR Portal
About us

Management

Certifications

Events

Our Customers

Press Releases

Product Reviews

Contact us
- - DE
  - ES
Book a demo

Home
Blog
Enable and use Temporary Access Pass in Azure AD

StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

Find out how HCI cuts down virtualization costs and complexity

Enable and use Temporary Access Pass in Azure AD

October 13, 2022
5 min read

Romain Serre

IT and Virtualization Consultant. Romain is specializing in Microsoft technologies such as Hyper-V, System Center, storage, networking, and MS Azure. He is a Microsoft MVP and MCSE in Server Infrastructure and Private Cloud.

IT and Virtualization Consultant. Romain is specializing in Microsoft technologies such as Hyper-V, System Center, storage, networking, and MS Azure. He is a Microsoft MVP and MCSE in Server Infrastructure and Private Cloud.

A Temporary Access Pass (TAP) is a time-limited passcode issued by an admin that satisfies strong authentication requirements (Microsoft definition). TAP can be used in two different contexts:

When onboarding a user to register another authentication method (such as Microsoft Authenticator or FIDO2)
When a user recovers a lost or a forgotten of their strong authentication method (for example a user lost FIDO2 key)

TAP is a passwordless authentication methods like a FIDO2 or a Passwordless phone sign-in through Microsoft authenticator. So TAP helps to register a passwordless authentication methods without users specify a personal E-mail address or a mobile phone at the first registration.

From my point of view, it is a good method to onboard new user in a company. We can provide a TAP password to this user for his first log in. Then he can register a passwordless authentication method. TAP helps to embrace a full passwordless world.

In this topic, we’ll see how to enable TAP and how to create a TAP for a user.

Enable Temporary Access Pass

First open your Azure AD and navigate to Security > Authentication Methods. Then in Policies, select Temporary Access Pass.

Enable Temporary Access Pass and choose a target.

In Configure, you can change the lifetime and the length of the TAP. You can also set TAP to be used one time or several time.

Enable a TAP for a user

In Azure AD navigate to users, a select a user. In Authentication methods, click on Add authentication method.

In the next screen, you can delay start time of the TAP. For example, you know that a new employee is coming next Monday, you can delay the TAP for the next Monday. You can also choose the TAP activation duration and if the TAP is useable one time or several time.

A pass is generated and Microsoft provide a link to go to security info in Azure AD profile.

Use Temporary Access Pass

In the following screenshot (sorry for French screenshot), I use TAP in Autopilot process. So the user specify his E-mail address.

Then the user can type their Temporary Access Pass.

After that the user is asked to register Microsoft Authenticator or a FIDO2 key. If you use Microsoft Authenticator, I recommend heavily to configure Microsoft Authenticator from the smartphone to get passwordless authentication.

Hey! Found Romain’s insights useful? Looking for a cost-effective, high-performance, and easy-to-use hyperconverged platform?

Taras Shved StarWind HCI Appliance Product Manager

Look no further! StarWind HCI Appliance (HCA) is a plug-and-play solution that combines compute, storage, networking, and virtualization software into a single easy-to-use hyperconverged platform. It's designed to significantly trim your IT costs and save valuable time. Interested in learning more? Book your StarWind HCA demo now to see it in action!