Temporary Access Pass (TAP) in Microsoft Entra

1 – What is Temporary Access Pass (TAP) :

The “Temporary Access Pass” (TAP) in Microsoft Entra is a time-limited secret code that can be configured for one or more uses12. Users can log in with a TAP to integrate other password-free authentication methods, such as Microsoft Authenticator, FIDO2 and Windows Hello Enterprise.

A TAP also facilitates recovery when a user has lost or forgotten a strong authentication factor such as a FIDO2 security key or the Microsoft Authenticator application, but needs to log in to register new strong authentication methods.

With the addition of Temporary Access Pass to Microsoft Entra ID, administrators can provide time-limited credentials to their users, enabling them to register from any device or location. Temporary Access Pass credentials satisfy the multi-factor authentication requirements of Conditional Access.

2 – Mindmap to configure Temporary Access Pass (TAP) :

here is the mindmap to configure Temporary Access Pass (TAP)

3 – Configure Temporary Access Pass (TAP) :

A – Enable Temporary Access Pass (TAP) from Entra ID :

To activate and use a TAP, please follow the steps below :

  • Log in to the Microsoft Entra Administration Center as Global Admin or as an Authentication Policy Administrator.
  • Go to Protection -> Authentication methods -> Policies.
  • In the list of available authentication methods, select Temporary Access Pass.
  • Click Enable, then select the users to be included or excluded from the policy.
  • (Optional) Select Configure to change the default Temporary Access Pass settings, such as maximum lifetime, or length, then click Update.
  • Select Save to apply the policy.

B – Add new authentication method per user :

To add new authentication method per user, please follow the steps below :

Once in the user setting page :

  1. Go to “Auhthentication methods” from the left menu bar
  2. Select “+ Add Auhthentication method
  3. in the right Menu bar, select “Temporary Access Pass
  4. Set validity settings as your convinience.
  5. Selct “Add” buton
  • new window will appear with several information about password and validity.
  • Copy provided password to notepad.
  • Enter your Temporary Access Pass (TAP) here :
  • Click Next
  • finally you will connected to your account as you can see in the following printscreen.

Conclusion

TAP offers a secure and convenient way for users to connect to Microsoft Cloud without having to remember or enter complex passwords. It is particularly useful for organizations wishing to reduce their reliance on passwords and improve their overall security posture.

Thanks

Aymen EL JAZIRI (Microsoft MVP)
Aymen EL JAZIRI (Microsoft MVP)

Hi, I’m Aymen El Jaziri , a passionate System Administrator and Microsoft MVP, with years of hands-on experience in managing and securing modern IT infrastructures.
This blog is where I share technical guides, automation scripts, product reviews, and real-world solutions that help IT professionals simplify their day-to-day work and stay ahead in a fast-evolving cloud ecosystem.
Whether you’re here to troubleshoot an issue, improve your automation game, or learn new best practices , welcome in my blog !
Let’s build a stronger, smarter IT community together.
Feel free to connect with me on LinkedIn for more content, discussions, or collaboration opportunities.

Thanks

Aymen

Articles: 154

Related Posts

Trending now

Why it’s important to to disable user application consent in Microsoft 365
Intune Security Deep Dive : Enable Tamper Protection to Secure Defender Settings on Windows Devices
Unlock Your Microsoft 365 Tenant after Conditional Access misconfiguration in One Click
Maximize RDS Collection Efficiency : PowerShell Automation for Seamless Maintenance