Passwordless authentication to Azure AD using Feitian FIDO2 security keys

Science and Technology

In this video, Andy introduces the background to passwordless authentication, then walks through the setup within Microsoft Azure and Microsoft Endpoint Manager for FIDO2 security keys. Following setup, you will see the end-user experience when logging into Windows and online resources within the Edge browser.
The Cloud Management Community is YOUR community for Cloud Management, Mobile Device Management and Microsoft Endpoint Manager. Join the discussion on Twitter (@the_cmcommunity) and subscribe to be notified when we go LIVE.
Andy Jones is a Microsoft Technical Architect, Organiser at CloudManagement.Community, and co-founder of the CMC KZread Channel. He's on Twitter @Andy_69Jones. Any views or opinions expressed here are his own.
Microsoft website reference: docs.microsoft.com/en-gb/azur...
Table of Contents:
00:00 - Introduction
00:40 - Passwordless Background & Context
02:30 - Feitian FIDO2 security key options
03:37 - FIDO2 Security key providers
04:15 - Microsoft Azure setup for MFA and security keys
05:58 - Registration of a FIDO2 security key for a test user
08:24 - Microsoft Endpoint Manager setup for security key sign-in
12:55 - End user online sign-in experience using a security key
14:22 - End user Windows sign-in with a security key
15:02 - Summary

Comments: 10

  • @jorgehenao3900
    1 year ago

    Good job, excellent information, thanks ... hi from COLOMBIA

  • @davidhood1972
    1 year ago

    Great video. During sign-in to the Office portal it looks like the user has the choice to use the key or enter their username and password as normal, or pick their key etc. So, if they have forgotten their key (or it is in the car, what a hassle to go outside etc., or muscle memory kicks in) can they still sign in using their old password/MFA method? Is there a way to force them to use their key and not allow the old method?

  • @ensarguler7684
    11 months ago

    05:21 Do we need an Azure AD Premium paid license to enable FIDO2 security as an authentication method?

  • @mjh07153
    1 year ago

    Hi, I'm trying to get this working, couple of questions if you could help. 1. Do we need to have an Intune licence, with the Windows machine enrolled? We currently have O365 Business Standard which I don't think includes Intune. 2. Does the user account still have a password as a valid login, or can this be removed entirely? Thank you.

  • @michaelpietrzak2067
    1 year ago

    Nice demo! So if one can use a FIDO key for Windows login, what is really the point of using WHfB at all? Granted, all your users would need FIDO keys and you wouldn't want to use any other method like fingerprint etc.

  • @creativegarb
    2 years ago

    Firstly, thank you CloudManagement Community team for all the helpful videos. My question is, we regularly remote in to our end users, using an application called Splashtop. When we need to elevate permissions, we use a particular admin account. Can this method be used remotely to save us typing a long account and password out and be more secure using a key method remotely? Any suggestions greatly appreciated and again thank you!

  • @theCMC
    2 years ago

    Chad, the application needs to be enabled for passwordless authentication and modern auth first. I found this: www.techtarget.com/searchsecurity/opinion/How-to-go-passwordless-if-not-all-your-apps-support-modern-authentication-standards?amp=1

  • @the_fatshark
    2 years ago

    Do you know / is there a 'native' way to lock Windows when you remove the key?

  • @theCMC
    2 years ago

    Hi Fat Shark, unfortunately I'm not familiar with any native settings for this. I have done some checking and I couldn't find any way of easily achieving this. If anyone else in the community knows, please help Fat Shark with this.

  • @jcpallitto
    1 year ago

    I'm looking for a similar solution. In health care, the DRs roam from PC to PC in the hospital and hate that they have to put in a password each time. I'm thinking a FIDO2 smart card might work because you can configure smart cards to log off when removed.
