Configure a Temporary Access Pass in Azure AD to register Passwordless authentication methods - Microsoft Entra (2023)

Passwordless authentication methods, such as FIDO2 and Passwordless Phone Sign-in through the Microsoft Authenticator app, enable users to sign in securely without a password. Users can bootstrap Passwordless methods in one of two ways:

  • Using existing Azure AD Multi-Factor Authentication methods
  • Using a Temporary Access Pass (TAP)

A Temporary Access Pass is a time-limited passcode that can be configured for multi or single use to allow users to onboard other authentication methods including passwordless methods such as Microsoft Authenticator, FIDO2 or Windows Hello for Business.

A Temporary Access Pass also makes recovery easier when a user has lost or forgotten their strong authentication factor like a FIDO2 security key or Microsoft Authenticator app, but needs to sign in to register new strong authentication methods.

This article shows you how to enable and use a Temporary Access Pass in Azure AD using the Azure portal. You can also perform these actions using the REST APIs.

Enable the Temporary Access Pass policy

A Temporary Access Pass policy defines settings, such as the lifetime of passes created in the tenant, or the users and groups who can use a Temporary Access Pass to sign in. Before anyone can sign in with a Temporary Access Pass, you need to enable Temporary Access Pass in the authentication method policy and choose which users and groups can sign in by using a Temporary Access Pass. Although you can create a Temporary Access Pass for any user, only those included in the policy can sign in with it.

Global administrator and Authentication Policy administrator role holders can update the Temporary Access Pass authentication method policy. To configure the Temporary Access Pass authentication method policy:

  1. Sign in to the Azure portal using an account with global administrator permissions.

  2. Search for and select Azure Active Directory, then choose Security from the menu on the left-hand side.

  3. Under the Manage menu header, select Authentication methods > Policies.

  4. From the list of available authentication methods, select Temporary Access Pass.

  5. Set Enable to Yes to enable the policy. Then select the Target users.

  6. (Optional) Select Configure and modify the default Temporary Access Pass settings, such as setting maximum lifetime, or length.

  7. Select Save to apply the policy.

    The default value and the range of allowed values are described in the following table.

    | Setting | Default values | Allowed values | Comments |
    |---|---|---|---|
    | Minimum lifetime | 1 hour | 10 – 43,200 Minutes (30 days) | Minimum number of minutes that the Temporary Access Pass is valid. |
    | Maximum lifetime | 8 hours | 10 – 43,200 Minutes (30 days) | Maximum number of minutes that the Temporary Access Pass is valid. |
    | Default lifetime | 1 hour | 10 – 43,200 Minutes (30 days) | Default values can be overridden by the individual passes, within the minimum and maximum lifetime configured by the policy. |
    | One-time use | False | True / False | When the policy is set to false, passes in the tenant can be used either once or more than once during their validity (maximum lifetime). By enforcing one-time use in the Temporary Access Pass policy, all passes created in the tenant will be created as one-time use. |
    | Length | 8 | 8-48 characters | Defines the length of the passcode. |
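
The settings table as a pre-flight check, written as an added example (not Microsoft's code or the service's own logic): it validates a policy against the allowed ranges and resolves what an individual pass request would get under that policy. The hashtable keys and function names are assumptions chosen to mirror the table; rejecting an out-of-window lifetime and forcing one-time use follow the table's comments.

```powershell
# Added example. Allowed ranges copied from the settings table (minutes / characters).
$TapLimits = @{ LifetimeMin = 10; LifetimeMax = 43200; LengthMin = 8; LengthMax = 48 }

function Test-TapPolicy {
    # Emits one string per problem; no output means the policy fits the table.
    param([Parameter(Mandatory)][hashtable]$Policy)

    foreach ($name in 'MinimumLifetimeInMinutes', 'MaximumLifetimeInMinutes', 'DefaultLifetimeInMinutes') {
        $value = $Policy[$name]
        if ($value -lt $TapLimits.LifetimeMin -or $value -gt $TapLimits.LifetimeMax) {
            "$name=$value is outside $($TapLimits.LifetimeMin)-$($TapLimits.LifetimeMax) minutes"
        }
    }
    if ($Policy.MinimumLifetimeInMinutes -gt $Policy.MaximumLifetimeInMinutes) {
        'Minimum lifetime is greater than maximum lifetime'
    }
    if ($Policy.DefaultLifetimeInMinutes -lt $Policy.MinimumLifetimeInMinutes -or
        $Policy.DefaultLifetimeInMinutes -gt $Policy.MaximumLifetimeInMinutes) {
        'Default lifetime is not between minimum and maximum lifetime'
    }
    if ($Policy.Length -lt $TapLimits.LengthMin -or $Policy.Length -gt $TapLimits.LengthMax) {
        "Length=$($Policy.Length) is outside $($TapLimits.LengthMin)-$($TapLimits.LengthMax) characters"
    }
}

function Resolve-TapRequest {
    # Returns the settings a pass would be created with, or throws if the
    # policy is invalid or the requested lifetime falls outside its window.
    param(
        [Parameter(Mandatory)][hashtable]$Policy,
        [Nullable[int]]$LifetimeInMinutes,      # omit to take the policy default
        [bool]$IsUsableOnce = $false
    )
    $problems = @(Test-TapPolicy -Policy $Policy)
    if ($problems.Count -gt 0) { throw "Invalid policy: $($problems -join '; ')" }

    $lifetime = if ($null -ne $LifetimeInMinutes) { $LifetimeInMinutes } else { $Policy.DefaultLifetimeInMinutes }
    if ($lifetime -lt $Policy.MinimumLifetimeInMinutes -or $lifetime -gt $Policy.MaximumLifetimeInMinutes) {
        throw "Lifetime $lifetime is outside the policy window $($Policy.MinimumLifetimeInMinutes)-$($Policy.MaximumLifetimeInMinutes) minutes"
    }
    [pscustomobject]@{
        LifetimeInMinutes = $lifetime
        # A policy that enforces one-time use wins over the per-pass request.
        IsUsableOnce      = ($Policy.IsUsableOnce -or $IsUsableOnce)
        Length            = $Policy.Length
    }
}

# Constructed policy holding the table's default values (1 hour = 60, 8 hours = 480).
$defaultPolicy = @{
    MinimumLifetimeInMinutes = 60
    MaximumLifetimeInMinutes = 480
    DefaultLifetimeInMinutes = 60
    IsUsableOnce             = $false
    Length                   = 8
}

Resolve-TapRequest -Policy $defaultPolicy                                              # takes the default lifetime
Resolve-TapRequest -Policy $defaultPolicy -LifetimeInMinutes 240 -IsUsableOnce $true   # per-pass override

# Same policy with one-time use enforced: a multi-use request still resolves to one-time.
$oneTimePolicy = $defaultPolicy.Clone()
$oneTimePolicy.IsUsableOnce = $true
Resolve-TapRequest -Policy $oneTimePolicy -LifetimeInMinutes 120

# A lifetime above the policy maximum is refused rather than silently clamped.
try { Resolve-TapRequest -Policy $defaultPolicy -LifetimeInMinutes 1440 } catch { "Rejected: $_" }
```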

Create a Temporary Access Pass

After you enable a policy, you can create a Temporary Access Pass for a user in Azure AD. These roles can perform the following actions related to a Temporary Access Pass.

  • Global Administrators can create, delete, and view a Temporary Access Pass on any user (except themselves)
  • Privileged Authentication Administrators can create, delete, and view a Temporary Access Pass on admins and members (except themselves)
  • Authentication Administrators can create, delete, and view a Temporary Access Pass on members (except themselves)
  • Global Reader can view the Temporary Access Pass details on the user (without reading the code itself).

  1. Sign in to the Azure portal as either a Global administrator, Privileged Authentication administrator, or Authentication administrator.

  2. Select Azure Active Directory, browse to Users, select a user, such as Chris Green, then choose Authentication methods.

  3. If needed, select the option to Try the new user authentication methods experience.

  4. Select the option to Add authentication methods.

  5. Below Choose method, select Temporary Access Pass.

  6. Define a custom activation time or duration and select Add.

  7. Once added, the details of the Temporary Access Pass are shown. Make a note of the actual Temporary Access Pass value. You provide this value to the user. You can't view this value after you select Ok.

The following commands show how to create and get a Temporary Access Pass by using PowerShell.

    # Create a Temporary Access Pass for a user
    $properties = @{}
    $properties.isUsableOnce = $True
    $properties.startDateTime = '2022-05-23 06:00:00'
    $propertiesJSON = $properties | ConvertTo-Json

    New-MgUserAuthenticationTemporaryAccessPassMethod -UserId user2@contoso.com -BodyParameter $propertiesJSON

    Id                                   CreatedDateTime       IsUsable IsUsableOnce LifetimeInMinutes MethodUsabilityReason StartDateTime         TemporaryAccessPass
    --                                   ---------------       -------- ------------ ----------------- --------------------- -------------         -------------------
    c5dbd20a-8b8f-4791-a23f-488fcbde3b38 5/22/2022 11:19:17 PM False    True         60                NotYetValid           23/05/2022 6:00:00 AM TAPRocks!

    # Get a user's Temporary Access Pass
    Get-MgUserAuthenticationTemporaryAccessPassMethod -UserId user3@contoso.com

    Id                                   CreatedDateTime       IsUsable IsUsableOnce LifetimeInMinutes MethodUsabilityReason StartDateTime         TemporaryAccessPass
    --                                   ---------------       -------- ------------ ----------------- --------------------- -------------         -------------------
    c5dbd20a-8b8f-4791-a23f-488fcbde3b38 5/22/2022 11:19:17 PM False    True         60                NotYetValid           23/05/2022 6:00:00 AM

For more information, see New-MgUserAuthenticationTemporaryAccessPassMethod and Get-MgUserAuthenticationTemporaryAccessPassMethod.

Use a Temporary Access Pass

The most common use for a Temporary Access Pass is for a user to register authentication details during the first sign-in or device setup, without the need to complete extra security prompts. Authentication methods are registered at https://aka.ms/mysecurityinfo. Users can also update existing authentication methods here.

  1. Open a web browser to https://aka.ms/mysecurityinfo.

  2. Enter the UPN of the account you created the Temporary Access Pass for, such as tapuser@contoso.com.

  3. If the user is included in the Temporary Access Pass policy, they'll see a screen to enter their Temporary Access Pass.

  4. Enter the Temporary Access Pass that was displayed in the Azure portal.

Note

For federated domains, a Temporary Access Pass is preferred over federation. A user with a Temporary Access Pass will complete the authentication in Azure AD and will not get redirected to the federated Identity Provider (IdP).

The user is now signed in and can update or register a method such as FIDO2 security key. Users who update their authentication methods due to losing their credentials or device should make sure they remove the old authentication methods. Users can also continue to sign in by using their password; a TAP doesn’t replace a user’s password.

User management of Temporary Access Pass

Users managing their security information at https://aka.ms/mysecurityinfo will see an entry for the Temporary Access Pass. If a user does not have any other registered methods, they'll be presented a banner at the top of the screen requesting them to add a new sign-in method. Users can additionally view the TAP expiration time, and delete the TAP if no longer needed.

Windows device setup

Users with a Temporary Access Pass can navigate the setup process on Windows 10 and 11 to perform device join operations and configure Windows Hello for Business. Temporary Access Pass usage for setting up Windows Hello for Business varies based on the device's joined state.

For Azure AD Joined devices:

  • During the Azure AD Join setup process, users can authenticate with a TAP (no password required) to join the device and register Windows Hello for Business.
  • On already joined devices, users must first authenticate with another method such as a password, smartcard or FIDO2 key, before using TAP to set up Windows Hello for Business.
  • If the Web sign-in feature on Windows is also enabled, the user can use TAP to sign into the device. This is intended only for completing initial device setup, or recovery when the user does not know or have a password.

For Hybrid Azure AD Joined devices:

  • Users must first authenticate with another method such as a password, smartcard or FIDO2 key, before using TAP to set up Windows Hello for Business.

Passwordless phone sign-in

Users can also use their Temporary Access Pass to register for Passwordless phone sign-in directly from the Authenticator app. For more information, see Add your work or school account to the Microsoft Authenticator app.

Guest access

Guest users can sign in to a resource tenant with a Temporary Access Pass that was issued by their home tenant if the Temporary Access Pass meets the home tenant authentication requirement. If MFA is required for the resource tenant, the guest user needs to perform MFA in order to gain access to the resource.

Expiration

An expired or deleted Temporary Access Pass can’t be used for interactive or non-interactive authentication. Users need to reauthenticate with different authentication methods after the Temporary Access Pass is expired or deleted.

The token lifetime (session token, refresh token, access token, etc.) obtained via a Temporary Access Pass login will be limited to the Temporary Access Pass lifetime. As a result, a Temporary Access Pass expiring will lead to the expiration of the associated token.

Delete an expired Temporary Access Pass

Under the Authentication methods for a user, the Detail column shows when the Temporary Access Pass expired. You can delete an expired Temporary Access Pass using the following steps:

  1. In the Azure AD portal, browse to Users, select a user, such as Tap User, then choose Authentication methods.
  2. On the right-hand side of the Temporary Access Pass authentication method shown in the list, select Delete.

You can also use PowerShell:

    # Remove a user's Temporary Access Pass
    Remove-MgUserAuthenticationTemporaryAccessPassMethod -UserId user3@contoso.com -TemporaryAccessPassAuthenticationMethodId c5dbd20a-8b8f-4791-a23f-488fcbde3b38

For more information, see Remove-MgUserAuthenticationTemporaryAccessPassMethod.

Replace a Temporary Access Pass

  • A user can only have one Temporary Access Pass. The passcode can be used between the start and end time of the Temporary Access Pass.
  • If the user requires a new Temporary Access Pass:
    • If the existing Temporary Access Pass is valid, the admin can create a new Temporary Access Pass which will override the existing valid Temporary Access Pass.
    • If the existing Temporary Access Pass has expired, a new Temporary Access Pass will override the existing Temporary Access Pass.

For more information about NIST standards for onboarding and recovery, see NIST Special Publication 800-63A.

Limitations

Keep these limitations in mind:

  • When using a one-time Temporary Access Pass to register a Passwordless method such as FIDO2 or Phone sign-in, the user must complete the registration within 10 minutes of sign-in with the one-time Temporary Access Pass. This limitation doesn't apply to a Temporary Access Pass that can be used more than once.
  • Users in scope for Self Service Password Reset (SSPR) registration policy or Identity Protection Multi-factor authentication registration policy will be required to register authentication methods after they've signed in with a Temporary Access Pass. Users in scope for these policies will get redirected to the Interrupt mode of the combined registration. This experience doesn't currently support FIDO2 and Phone Sign-in registration.
  • A Temporary Access Pass can't be used with the Network Policy Server (NPS) extension and Active Directory Federation Services (AD FS) adapter.
  • After a Temporary Access Pass is added to an account or expires, it can take a few minutes for the changes to replicate. Users may still see a prompt for Temporary Access Pass during this time.

Troubleshooting

  • If a Temporary Access Pass isn't offered to a user during sign-in, check the following:
    • The user is in scope for the Temporary Access Pass authentication method policy.
    • The user has a valid Temporary Access Pass, and if it's one-time use, it wasn’t used yet.
  • If the message "Temporary Access Pass sign in was blocked due to User Credential Policy" appears during sign-in with a Temporary Access Pass, check the following:
    • The user has a multi-use Temporary Access Pass while the authentication method policy requires a one-time Temporary Access Pass.
    • A one-time Temporary Access Pass was already used.
  • If Temporary Access Pass sign-in was blocked due to User Credential Policy, check that the user is in scope for the TAP policy.
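
The validity window from the Expiration and "Delete an expired Temporary Access Pass" sections, combined with the one-time-use check from Troubleshooting, as an added example (not code from the original article). It works offline on constructed records shaped like the Get-MgUserAuthenticationTemporaryAccessPassMethod output shown earlier; the function name, the UserId field, the state labels and the sample records are assumptions, and the removal commands are only printed, not executed.

```powershell
function Get-TapWindowState {
    # Classifies a pass by its window [StartDateTime, StartDateTime + LifetimeInMinutes).
    # It cannot tell whether a one-time pass was already redeemed; that is only
    # visible in the service's own IsUsable / MethodUsabilityReason fields.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$Pass,
        [datetime]$AsOf = (Get-Date),
        [switch]$PolicyRequiresOneTimeUse
    )
    process {
        $start = [datetime]$Pass.StartDateTime
        $end   = $start.AddMinutes($Pass.LifetimeInMinutes)

        if ($AsOf -lt $start) {
            $state = 'NotYetValid'
        } elseif ($AsOf -ge $end) {
            $state = 'Expired'
        } elseif ($PolicyRequiresOneTimeUse -and -not $Pass.IsUsableOnce) {
            # Troubleshooting case: multi-use pass under a one-time-use policy.
            $state = 'BlockedByPolicy'
        } else {
            $state = 'InWindow'
        }

        [pscustomobject]@{
            UserId     = $Pass.UserId
            Id         = $Pass.Id
            ValidFrom  = $start
            # Tokens obtained through this pass are limited to the same end time.
            ValidUntil = $end
            State      = $state
        }
    }
}

# Constructed sample records. The first reuses the values from the article's
# sample output; the other users and Ids are placeholders.
$passes = @(
    [pscustomobject]@{ UserId = 'user3@contoso.com'; Id = 'c5dbd20a-8b8f-4791-a23f-488fcbde3b38'
                       StartDateTime = '2022-05-23 06:00:00'; LifetimeInMinutes = 60;  IsUsableOnce = $true }
    [pscustomobject]@{ UserId = 'placeholder-a@contoso.com'; Id = '00000000-0000-0000-0000-00000000000a'
                       StartDateTime = '2022-05-22 08:00:00'; LifetimeInMinutes = 480; IsUsableOnce = $true }
    [pscustomobject]@{ UserId = 'placeholder-b@contoso.com'; Id = '00000000-0000-0000-0000-00000000000b'
                       StartDateTime = '2022-05-23 06:00:00'; LifetimeInMinutes = 240; IsUsableOnce = $false }
    [pscustomobject]@{ UserId = 'placeholder-c@contoso.com'; Id = '00000000-0000-0000-0000-00000000000c'
                       StartDateTime = '2022-05-24 09:00:00'; LifetimeInMinutes = 60;  IsUsableOnce = $true }
)

# Fixed evaluation time so the sample gives the same result on every run.
$asOf   = [datetime]'2022-05-23 06:30:00'
$report = $passes | Get-TapWindowState -AsOf $asOf -PolicyRequiresOneTimeUse
$report | Format-Table -AutoSize

# Dry run: print the cleanup command for each expired pass instead of calling Graph.
$report | Where-Object State -eq 'Expired' | ForEach-Object {
    "Remove-MgUserAuthenticationTemporaryAccessPassMethod -UserId $($_.UserId) -TemporaryAccessPassAuthenticationMethodId $($_.Id)"
}
```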

Next steps

  • Plan a passwordless authentication deployment in Azure Active Directory

FAQs

How do I set up a temporary access pass in Azure AD?

Search for and select Azure Active Directory, then choose Security from the menu on the left-hand side. Under the Manage menu header, select Authentication methods > Policies. From the list of available authentication methods, select Temporary Access Pass. Set the Enable to Yes to enable the policy.

How do I enable passwordless in Microsoft Authenticator?

Open the Authenticator app and set up your account in the app by following the prompts. Sign in to your Microsoft Account Additional security options. Under Password-free account, select Turn on. Follow the prompts to verify your account.

Which are the supported options for enabling passwordless authentication for Azure AD?

Microsoft global Azure and Azure Government offer the following three passwordless authentication options that integrate with Azure Active Directory (Azure AD): Windows Hello for Business. Microsoft Authenticator. FIDO2 security keys.

How do I enable conditional access in Azure?

Create a Conditional Access policy

Sign in to the Azure portal as a Conditional Access Administrator, Security Administrator, or Global Administrator. Browse to Azure Active Directory > Security > Conditional Access. Select New policy. Give your policy a name.

Which forms of passwordless authentication are enabled for your users?

Common types of passwordless authentication include email-based, SMS-based, multi-factor, biometrics or passwordless authentication for logged-in users. Authentication through email includes verifying a user with a magic link or one-time code.

Which three authentication methods can Azure AD users use to reset their password?

The following authentication methods are available for SSPR: Mobile app notification. Mobile app code. Email.

Is Azure Authenticator the same as Microsoft Authenticator?

The Microsoft Authenticator app replaced the Azure Authenticator app, and it's the recommended app when you use two-step verification. The Authenticator app is available for Android and iOS.

Is Passwordless authentication considered MFA?

MFA vs Passwordless Authentication

Passwordless authentication simply replaces passwords with a more suitable authentication factor. On the other hand, MFA (multi-factor authentication) uses more than one authentication factor to verify a user's identity.

Which of the following authentication methods can be used as a passwordless authentication mechanism in Azure AD?

Microsoft recommends passwordless authentication methods such as Windows Hello, FIDO2 security keys, and the Microsoft Authenticator app because they provide the most secure sign-in experience.

Which port should be opened for passthrough authentication in Azure AD Connect for enabling SSO?

The latest Azure AD Connect Health agent versions only require port 443.

Which option enables user authentication directly in Azure Active Directory Azure AD without the involvement of on premises components?

With cloud authentication, you can choose from two options: Azure AD password hash synchronization. The simplest way to enable authentication for on-premises directory objects in Azure AD. Users can use the same username and password that they use on-premises without having to deploy any additional infrastructure.

How do I create a temporary access to a file?

Open a file in Google Drive. Click Share. Add expiration. To accept the 30-day expiration date, click Send.

How do I give access to enterprise application in Azure?

Sign in to the Azure portal or Azure AD admin center. Select Azure Active Directory > Roles and administrators. Select the Grant permissions to manage user and group assignments role. Select Add assignment, select the desired user, and then click Select to add role assignment to the user.

What is the use of temporary disk in Azure?

The temporary disk provides short-term storage for applications and processes, and is intended to only store data such as page or swap files. Data on the temporary disk may be lost during a maintenance event or when you redeploy a VM.

Which three authentication methods can be used by Azure multi-factor authentication?

Available verification methods

The following additional forms of verification can be used with Azure AD Multi-Factor Authentication: Microsoft Authenticator app. Windows Hello for Business. FIDO2 security key.

What type of authentication technique is Microsoft Azure Conditional Access?

Multi-factor authentication (MFA) uses both a password, which should be strong, and an additional verification method.

What is Conditional Access in Azure Active Directory?

Conditional access is the tool used by Azure AD to bring together signals, make decisions, and enforce organizational policies. Help keep your organization secure using conditional access policies only when needed.

Why is passwordless authentication now preferred over password authentication?

Passwordless Authentication strengthens security by eliminating risky password management practices and reducing attack vectors. It also improves user experiences by eliminating password and secrets fatigue. With Passwordless Authentication, there are no passwords to memorize or security question answers to remember.

Is passwordless authentication better than 2FA?

Modern passwordless authentication provides extra security without the hassle of traditional 2FA/MFA.

Is Microsoft passwordless more secure?

Jakkal: Passwordless authentication solutions provide customers with a more secure, simple and fast way to authenticate their accounts. Rather than keeping attackers out, weak passwords often provide a way in.

Is passwordless authentication ready for the enterprise?

Can your enterprise entirely become passwordless in 2022? Sadly, the answer is still no. There are still some applications that support neither SSO nor other types of passwordless authentication. Legacy servers and some offline accounts might not have economical passwordless support in the near future.

What are the three main types of authentication?

Authentication factors can be classified into three groups: something you know: a password or personal identification number (PIN); something you have: a token, such as bank card; something you are: biometrics, such as fingerprints and voice recognition.

How does passwordless authentication work?

So, how does passwordless authentication work? Passwordless authentication is a method of authenticating users without the use of passwords. Instead of a password, the user is authenticated using another factor, such as a one-time code sent to their mobile phone or email address, a USB security key, or biometrics.

What is passwordless in Microsoft?

Microsoft now lets you remove passwords from Microsoft accounts to embrace a passwordless future. The software giant now allows consumers to sign into Microsoft accounts with its Microsoft Authenticator app, Windows Hello, a security key, or a text message / email verification code instead of a password.

What are the two types of authentication Microsoft Azure Active Directory users?

Microsoft offers the following three passwordless authentication options that integrate with Azure Active Directory (Azure AD): Windows Hello for Business. Microsoft Authenticator app. FIDO2 security keys.

Which of the following two factor authentication verification methods are available in Azure AD?

MFA works in Azure Active Directory by requiring two or more of the following authentication methods: A password. A trusted device that's not easily duplicated, like a phone or hardware key. Biometrics like a fingerprint or face scan.

What is Microsoft Entra?

Microsoft Entra is the new name for the family of identity and access technologies now brought into one place and under one portal. Entra goes beyond traditional identity and access management – it's Microsoft's vision for the future of identity and access.

Can I use Azure AD for authentication?

Azure AD provides secure authentication and authorization solutions so that customers, partners, and employees can access the applications they need. With Azure AD, conditional access, multi-factor authentication, single-sign on, and automatic user provisioning make identity and access management easy and secure.

Does Microsoft Authenticator require a Microsoft account?

The Microsoft Authenticator app backs up your account credentials and related app settings, such as the order of your accounts, to the cloud. Important: You need a personal Microsoft account to act as your recovery account. iOS users must also have an iCloud account.

Is passwordless authentication the future?

Passwordless login is touted as the future of authentication. Advocates point to greater security and an improved user experience as reasons why you should adopt it today. This article will introduce you to passwordless authentication and explain the workings of the most common passwordless login methods.

How to set up passwordless SSH?

To set up passwordless SSH you must configure the mqm id on each node, then generate a key on each node for that user. You then distribute the keys to the other nodes, and test the connection to add each node to the list of known hosts. Finally you lock down the mqm id .

Which are the authentication mechanism options available in Azure AD?

A user in Azure AD has access to choose the authentication way using one of the following authentication methods: Firstly, Traditional username and password. Secondly, Microsoft Authenticator App passwordless sign-in. Then, OATH hardware token or FIDO2 security key.

What is the difference between Azure AD pass-through authentication and Azure AD password hash sync?

Password hash synchronization—Synchronizes the hash of a user's Azure AD and on-premise Active Directory passwords. Pass-through authentication—Allows users to authenticate with the same password on both Azure AD and on-premise Active Directory.

How do I install pass-through authentication agent?

Select Azure Active Directory -> Azure AD Connect -> Pass-through Authentication -> Download agent. Accept the terms of service and download the latest version. Install the latest version of the Authentication Agent: Run the executable downloaded in Step 2.

Which three authentication methods can Azure Active Directory users use to reset their password?

The following authentication methods are available for SSPR: Mobile app notification. Mobile app code. Email.

What are the three main identity models Azure Active Directory users to manage user authentication in Office 365?

Office 365 uses the cloud-based user authentication service Azure Active Directory to manage users and offers three identity models: cloud-only, synchronized, and federated.

Which service is used in Azure for authentication & authorization of identities?

Azure App Service provides built-in authentication and authorization capabilities (sometimes referred to as "Easy Auth"), so you can sign in users and access data by writing minimal or no code in your web app, RESTful API, and mobile back end, and also Azure Functions.

How do I set up pass through authentication?

Sign in to the Azure Active Directory admin center with the Hybrid Identity Administrator credentials for your tenant. Select Azure Active Directory in the left pane. Select Azure AD Connect. Verify that the Pass-through authentication feature appears as Enabled.

Which Azure AD feature can you use to provide just-in-time access to manage Azure resources?

Here are some of the key features of Privileged Identity Management: Provide just-in-time privileged access to Azure AD and Azure resources.

What are the three types of role Basic Access Control in Microsoft Azure?

Azure broadly defines three different roles: Reader, Contributor, and Owner. These roles apply to Subscriptions, Resource Groups, and most all Resources on Azure.

How do you get 99.99 Availability in Azure?

Azure VMs SLA

If VMs are deployed in two or more Availability Zones, guaranteed connectivity rises again to 99.99 percent. Deploying instances in different Availability Zones reduces expected downtime by a factor of ten.

What is a Microsoft Azure pass?

In short, Microsoft Azure PaaS is a deployment and development environment that delivers simple cloud-based apps to complex, cloud-enabled applications. Harnessing the power of Azure PaaS allows you to maximize productivity and security for your workforce.

Where is the Azure pass code?

MCTs may request their pass by completing the simple process at the Microsoft Azure Pass Portal and must agree to the Microsoft Azure Pass Trial Agreement before submitting the request. Once the request form is submitted, the requester will receive a confirmation email with the Azure pass code.

What is Azure AD pass-through authentication?

What is Azure Active Directory Pass-through Authentication? Azure Active Directory (Azure AD) Pass-through Authentication allows your users to sign in to both on-premises and cloud-based applications using the same passwords.

What are the four methods of step up authentication?

Are there different methods for step up authentication? Step up authentication can include any number of authentication methods, including MFA, one-time code over SMS, knowledge-based authentication (KBA), biometrics, etc.

How do I give Azure AD user access to Azure SQL database?

Navigate to the SQL Managed Instance you want to use for Azure AD integration. Select the banner on top of the Active Directory admin page and grant permission to the current user. Now you can choose your Azure AD admin for your SQL Managed Instance.

Is it possible for outside users to have access to resources in Azure?

Answer is Yes.

Since Azure has other capabilities in place that can allow other users to access Azure-based resources.

Article information

Author: Jeremiah Abshire

Last Updated: 11/19/2022
