February 26, 2020

Public preview of Azure AD support for FIDO2 security keys in hybrid environments

I’m excited to announce the public preview of Azure AD support for FIDO2 security keys in hybrid environments. Users can now use FIDO2 security keys to sign in to their Hybrid Azure AD joined Windows 10 devices and get seamless sign-in to their on-premises and cloud resources. Since the launch of the public preview of FIDO2 support for Azure AD joined devices and browser sign-ins, this has been the top requested feature from our passwordless customers.

We all know that passwords are no longer effective in protecting customers from cybersecurity threats. In fact, compromised passwords are the most frequent cause of enterprise security breaches. Alternatively, passwordless authentication using advanced technologies like biometrics and public/private key cryptography provides a convenient, easy-to-use experience and world-class security.

With the expansion of FIDO2 support to Hybrid environments, we offer seamless sign-in to Windows devices and virtually unshakable access to on-premises and cloud resources, using a strong hardware-backed public/private-key credential.

Our customers shared that simpler deployments are essential for a successful passwordless journey. We took their feedback seriously: enabling FIDO2 security keys for your hybrid environment requires only three deployment components:

1. Windows Server patch for Domain controllers (Server 2016/Server 2019).

2. Windows Insider Builds 18945 or later for PCs.

3. Version 1.4.32.0 or later of Azure AD Connect.

To get started on your FIDO2 journey, you need to:

1. Enable security keys as a passwordless authentication method for your tenant and have your users provision their FIDO2 security keys. For additional information see: Enable passwordless security key sign-in to on-premises resources with Azure AD and User registration and management of FIDO2 security keys.

2. Ensure that Windows devices are enabled to use FIDO2 security keys to sign in. For additional information see: Enable passwordless security key sign-in to Windows 10 devices with Azure AD.

3. Configure components required to sign in to your hybrid AADJ devices as well as for single sign-on (SSO) to on-premises and cloud resources. For additional information see: Enable passwordless security key sign-in to on-premises resources with Azure Active Directory previ.

Additionally, we’re excited to share additional hardware options for FIDO2 security keys from our Microsoft Intelligent Security Association partners. Ensurity Technologies now offers the Thin-C USB key with storage, eWBM Inc. has a new Goldengate USB-C key, and Thales announced Azure AD passwordless sign-in integrations with its PKI-FIDO smartcard. See the full listing of tested compatible devices.

To get started on your passwordless journey, visit Go passwordless.

As always, we love to get your feedback and suggestions! Let us know what you think in the comments below.