If you do hate passwords, this new feature from Microsoft might have solved that problem. With this feature, a user can send a push notification to Microsoft Authenticator, allowing access to any Microsoft 365 site without entering a password.

First of all, enable the so called “combined registration experience” in Azure AD under User settings.

Since I have a new tenant, the feature is automatically enabled for me.

After that, browse to Security > Authentication Methods > Policies. Select Microsoft Authenticator and enable it.

Users are not forced to use the new authentication method. They have to set that up themselves at https://aka.ms/mysecurityinfo.

Select Authenticator App as the method.

Download Microsoft Authenticator on the mobile phone.

Scan the QR code shown there.

Inside the Microsoft Authenticator app, select “Set up phone sign-in” and follow the wizard.

Now, upon logging in, you can select “User an app instead”. This will trigger a notification on the phone app.

References:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone