An organization wants to enable passwordless authentication for employees using biometric gestures or a PIN stored locally on their Windows devices, without requiring a password. Which Azure AD feature enables this?

  1. Azure AD Multi-Factor Authentication with phone call verification
  2. Azure AD Password Protection
  3. Windows Hello for Business ✓
  4. Azure AD Seamless Single Sign-On

Correct answer: Windows Hello for Business

Option C is correct because Windows Hello for Business replaces passwords with strong two-factor authentication that uses a cryptographic key pair tied to the device and verified by a biometric gesture or PIN, making it the Azure AD-integrated passwordless method for Windows endpoints. Option A, Multi-Factor Authentication with phone call verification, still relies on an existing password as the first factor and therefore is not a purely passwordless solution. Option B, Password Protection, is a service that bans weak passwords and does not provide a passwordless sign-in mechanism. Option D, Seamless SSO, reduces re-authentication prompts for domain-joined machines but still depends on a password-based first authentication.

Topic: · passwordless authentication, windows hello for business, azure ad, identity

Practice Microsoft Azure Security Engineer (AZ-500) Questions Free