Microsoft is allowing Azure Active Directory (Azure AD) administrators to generate time-limited credentials. These credentials can be used for passwordless authentication and restoring accounts after losing credentials or FIDO2 keys.
The Temporary Access Pass (TAP) functionality can be used for secure passwordless methods, anti-phishing measures and first-time Windows registrations. In addition, time-based Azure AD access simplifies recovering lost authentication credentials. TAP login credentials can be created and deleted by authorized administrators in the Azure AD portal.
Stricter default settings
The introduction of TAP is part of a broader strategy. Microsoft wants to strengthen the default security settings of all Azure AD end users. In January 2020, new settings were pushed to more than 60,000 Azure AD accounts and roughly 60 million end users. The settings include new requirements for modern authentication like passwordless sign-in and MFA.