If you do hate passwords, this new feature from Microsoft might have solved that problem. With this feature, a user can send a push notification to Microsoft Authenticator, allowing access to any Microsoft 365 site without entering a password.
First of all, enable the so called “combined registration experience” in Azure AD under User settings.
Since I have a new tenant, the feature is automatically enabled for me.
After that, browse to Security > Authentication Methods > Policies. Select Microsoft Authenticator and enable it.
Users are not forced to use the new authentication method. They have to set that up themselves at https://aka.ms/mysecurityinfo.
Select Authenticator App as the method.
Download Microsoft Authenticator on the mobile phone.
Scan the QR code shown there.
Inside the Microsoft Authenticator app, select “Set up phone sign-in” and follow the wizard.
Now, upon logging in, you can select “User an app instead”. This will trigger a notification on the phone app.