What Active Directory Domain Services role feature can be used to replace passwords with a two-step authentication process that combines verifying a device is enrolled in the domain and that the device has a personal identification number?
Microsoft Passport is a two-factor authentication (2FA) system that combines a PIN or biometrics (via Windows Hello) with encrypted keys from a user’s device to provide two-factor authentication.
