🎙️ Entra.Chat - https://entra.chat

This episode of Entra Chat features Anju Singh, a Product Manager at Microsoft in the Microsoft Entra Authentication Experiences team. We discuss the newest authentication method in Entra: QR codes!

Anju answers heaps of questions in this deep dive including why Microsoft chose QR codes, how it works under the hood, what you should and shouldn't use it for, and the biggest question - is it considered MFA?

LinkedIn - https://www.linkedin.com/in/anjusingh29/

Prefer watching? Search for ‘Entra.Chat’ on YouTube

🔗 Related Links

* QR Code Announcement - https://techcommunity.microsoft.com/blog/microsoft-entra-blog/simplify-frontline-workers’-sign-in-experience-with-qr-code-authentication/3822034

* QR code authentication method - https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-qr-code

* Best practices to protect frontline workers - https://learn.microsoft.com/en-us/entra/identity-platform/security-best-practices-for-frontline-workers

* Set up optimized QR code authentication experience in Android app - https://learn.microsoft.com/en-us/entra/identity-platform/android-qr-code-pin-authentication

* Set up optimized QR code authentication experience in iOS/macOS app - https://learn.microsoft.com/en-us/entra/identity-platform/ios-qr-code-pin-authentication

📗 Chapters

00:00 Intro

02:58 Topic Intro: QR Code Authentication for Frontline Workers

03:30 The Problem: Why QR Code Sign-In?

04:09 Who Are Frontline Workers?

05:41 Challenges with Current Authentication (Username/Password)

07:29 Balancing Simplicity and Security

10:40 Target Scenario: Shared Devices

11:36 Other Use Cases: Education Sector

12:30 How It Works: User Sign-In Experience

15:34 QR Code Contents: More Than Just a Username

16:40 PIN & QR Code Relationship

17:13 Scenario: Lost Badge & Admin Actions

18:32 Replacing the PIN

19:10 Delegated Management: The My Staff Portal

22:11 Handling Forgotten Badges: Temporary QR Codes

24:45 Rolling Out: Bulk Generation via APIs

26:12 Cost Comparison: QR Codes vs. FIDO Keys

28:05 The Big Question: Is it MFA?

29:43 Security Best Practices & Conditional Access

30:43 Combining QR Code with MFA

35:31 Fallback Options (Username/Password, TAP)

37:35 Public Preview & Call for Feedback

38:57 Current Scope: Mobile Devices & Tablets Only

40:09 Integrating QR Sign-In into Apps (Web View vs. MSAL)

41:00 Desktop Support Status

42:26 How to Provide Feedback

43:30 Future Considerations: Barcode Scanners

44:39 Closing Thoughts & Call to Action

——

Podcast Apps

🎙️ Entra.Chat - https://entra.chat

🎧 Apple Podcast → https://entra.chat/apple

📺 YouTube → https://entra.chat/youtube

📺 Spotify → https://entra.chat/spotify

🎧 Overcast → https://entra.chat/overcast

🎧 Pocketcast → https://entra.chat/pocketcast

🎧 Others → https://entra.chat/rss

——

Merill's socials

📺 YouTube → youtube.com/@merillx

👔 LinkedIn → linkedin.com/in/merill

🐤 Twitter → twitter.com/merill

🕺 TikTok → tiktok.com/@merillf

🦋 Bluesky → bsky.app/profile/merill.net

🐘 Mastodon → infosec.exchange/@merill

🧵 Threads → threads.net/@merillf

🤖 GitHub → github.com/merill

Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe