Passwordless Authentication — Microsoft Azure Security Engineer (AZ-500) Practice Questions
Passwordless authentication replaces traditional passwords with cryptographic credentials bound to a device or biometric, eliminating the largest class of credential-theft attacks such as phishing and password spray. On the AZ-500 exam, candidates must understand the three Microsoft-supported passwordless methods, which are Windows Hello for Business, the Microsoft Authenticator app, and FIDO2 security keys, as well as the Azure AD configuration steps required to enable and enforce each. Security engineers should know how Conditional Access policies can require passwordless methods and how these approaches satisfy both phishing-resistant MFA requirements and compliance frameworks.