Microsoft is planning to turn on a one-time passcode (OTP) feature in March that will grant temporary network access to business collaborators for organizations that use the Azure Active Directory B2B (Business to Business) service.
The OTP feature, which works by sending a temporary password via e-mail, has reached the “general availability” or commercial-release stage, according to a Microsoft announcement this week. It’s available to Azure AD B2B users but will be turned on in March for all existing and new tenancies, unless it’s blocked beforehand, per Microsoft’s documentation.
OTP for the Azure AD B2B service was at the preview stage almost two years ago, but it’s now deemed ready for production-environment use. It’s also a feature in the Microsoft Teams collaboration service, but it’s still at the preview stage for those users.
“Email OTP is also being rolled out worldwide in Microsoft Teams preview mode,” the announcement indicated.
The OTP feature is there for cases when other guest authentication methods aren’t being used. For instance, the invitee may lack an Azure AD account or a Microsoft account, or may not have “Google federation,” Microsoft’s documentation explained.
Under the OTP temporary authentication scheme, outside parties are invited to gain network access via an e-mail invitation, which contains a link. Clicking this link triggers a second e-mail, which contains a temporary password. As a security precaution, the temporary password can only be used within 30 minutes of arrival.
Invited users are treated “like other B2B guests,” so they are subject to any other policies set by an organization, the announcement explained. Consequently, it’s possible to impose things like Conditional Access policies and multifactor authentication requirements on the invitees, if desired.