You can allow users to authenticate via Defender by using one-time passwords generated with Microsoft Authenticator.
To enable Microsoft Authenticator for a user
- On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
- In the left pane (console tree), expand the appropriate nodes to select the container where the user object is located.
- In the right pane, double-click the user object, and then click the Defender tab in the dialog box that opens.
- Below the Tokens list, click the Program button.
- In the Select Token Type step, click to select the Software token option. Click Next.
- In the Select Software Token step, click to select the Microsoft Authenticator option.
- Complete the wizard to enable Microsoft Authenticator for the user.
- For more information about the wizard steps and options, see Defender Token Programming Wizard reference.