Authentication and MFA
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Microsoft Certified: Security, Compliance, and Identity Fundamentals premium course — no separate purchase.
14-day money-back guarantee — no questions asked.
Included in this chapter:
- Authentication and the three factors
- The authentication method catalog
- Self-service password reset (SSPR)
- Password protection and smart lockout
Authentication methods by factor category and phishing resistance
| Method | Factor category | Phishing-resistant | Typical role |
|---|---|---|---|
| Password | Something you know | No | Primary factor, the one to protect |
| SMS or voice call | Something you have | No | Second factor or SSPR, low assurance |
| OATH hardware or software token | Something you have | No | Second factor, offline TOTP code |
| Microsoft Authenticator push | Something you have | No | Second factor, broad low-friction rollout |
| Windows Hello for Business | Have plus are or know | Yes | Passwordless primary on a Windows device |
| FIDO2 security key or passkey | Have plus are or know | Yes | Passwordless, phishing-resistant sign-in |
| Certificate-based authentication | Something you have | Yes | Primary or MFA in PKI environments |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
Also tested in
References
- Microsoft Entra authentication overview
- How it works: Microsoft Entra multifactor authentication
- Authentication methods in Microsoft Entra ID - Microsoft Authenticator
- Authentication methods in Microsoft Entra ID - passkeys (FIDO2)
- How it works: Microsoft Entra self-service password reset
- How self-service password reset writeback works in Microsoft Entra ID
- Eliminate bad passwords using Microsoft Entra Password Protection
- Enforce on-premises Microsoft Entra Password Protection for Active Directory Domain Services
- Protect user accounts from attacks with Microsoft Entra smart lockout