Passwordless Authentication with Azure AD and FIDO2 Security Keys and Yubikey Bio
walk through configuring passwordless authentication in Azure AD, then we on-board a user and walk through the passwordless experience with the new Yubico Yubikey Bio in a web browser and logging into a new install of Windows 11.
Links
Zero to Hero with Azure Virtual Desktop
www.udemy.com/course/zero-to-...
Hybrid Identity with Windows AD and Azure AD
www.udemy.com/course/hybrid-i...
Yubico Yubikey
www.pntrs.com/t/TUJGR0dNRkJHS...
VMware Workstation Pro
store-eu.vmware.com/
Microsoft compatible security key
docs.microsoft.com/en-us/wind...
Пікірлер: 18
Very good to the point explanation , great video as always
These are great vids, thanks for posting. Its a shame the MS makes this process overly complicated, it dissuades some organizations from implementing these security measures.
Thanks for this, very well done. You have a new subscriber.
@Ciraltos
2 жыл бұрын
I’m glad you found it useful!
Great videos thanks for sharing
Hi Travis, thank you for your well explained videos! I want to learn azure by doing it, creating ressources , whole architectures etc. So I was wondering if there are some kind of excercises which I can do. Is there something like that ?
@13:04 - Why Single-Sign-On did not work with Edge after the type the myprofile site? - How to get SSO at this stage? - You signed into windows 11 using your Azure AD account (using the key), so the Windows 11 should be AAD Joined or Registered.
Great video. I have MFA and FIDO2 setup for my users. But they are required to enter both PIN and then use a fingerprint. Is that how its supposed to work with these biometric Yubico keys?
@12:56 - at this point can you still use the key by selecting "Sign-in options" ???
Great vid. How about for Android? iOS?
@6:08 - How does one create a backup key? - what to do if a key is stolen? (Even if i still have my fingers)
I read a lot about passwordless authentication, but are you able to have Azure to disable the option to login in with password and another factor fully? As I understand it, this is only possible with ordinary Microsoft accounts (as from this fall), not with Azure AD accounts. If I use a supported browser I indeed do not get the option to login using password and a second factor, but if using an unsupported browser I still get the possibility to use my password and e.g. the Microsoft Authenticator. If you only want to be able to use a security key and no other option - is it possible with Azure AD user accounts yet?
@Ciraltos
2 жыл бұрын
Hello Mats, I don't know of any way to relay on only passwordless auth. Two factor MFA is required to onboard passwordless auth and is a failback if passwordless is not an option. Thanks, Travis
Can I do this procedure to login Linux?
Can you make this video with Microsoft authenticator
Is phone call supported still? I never saw it as an option... or is it US only?
@Ciraltos
2 ай бұрын
I didn't see anything about only US, but it's not supported on trail subscriptions learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-phone-options
Does this work for macOS?