FIDO2
Are you looking for information about FIDO2 in Microsoft Azure and Microsoft 365? In this archive you will find all our posts about FIDO2.
Protect Security Info Registration with Microsoft Entra Conditional Access and Microsoft Entra ID Protection
Registration of security information such as the Microsoft Authenticator app, FIDO2 security keys or OATH tokens is a critical component of modern identity security. To protect this sensitive process, Microsoft Entra Conditional Access is used in combination with Microsoft Entra ID Protection. If a user risk or sign-in risk is detected, the Conditional Access policy prevents registration under untrusted conditions. This ensures that security-relevant information is only registered in trusted scenarios. If registration takes place under untrusted conditions, there is a risk that an attacker may register alternative authentication methods. This could allow continued access to a compromised account even after the password has been changed. To mitigate this risk,…
Hardening your Identities: Microsoft Authenticator device-bound passkey
A device-bound passkey is an advanced security feature implemented in Microsoft Authenticator. It is a unique security key that is tied to a specific device. When a user logs in to their account, they use this key to verify their identity. Since the key is bound to the device, no one else can access the user’s account, even if they know the password, unless they also have access to the device.
Temporary Access Pass in Microsoft Entra: what it is and how to use it
A Temporary Access Pass (TAP) is a time-limited passcode that can be configured for single or multiple use. The Temporary Access Pass (TAP) allows the user to securely sign in to the Microsoft Cloud within a defined time period to set up additional authentication methods. These secure authentication methods include passwordless methods such as FIDO2 security keys or the Microsoft Authenticator App. The limited time period for access authorisations makes the Temporary Access Pass (TAP) an indispensable tool for security guidelines and compliance requirements.
Microsoft Entra Privileged Identity Management (PIM) and FIDO2: Increasing the security of privileged roles
Privileged roles and permissions in Microsoft Entra ID allow you to manage all aspects of Microsoft Azure and Microsoft 365. To make phishing and other attacks more difficult, a secure password for privileged Microsoft Entra roles is no longer enough. Phishing-resistant multi-factor-authentication, such as FIDO2 protocol on a security key in combination with Microsoft Entra Privileged Identity Management (PIM), significantly increases security for the Microsoft Tenant and convenience for the user.
Secure Emergency Access: Create and Manage Microsoft Entra Emergency Accounts with YubiKey (FIDO2)
A Microsoft Entra emergency access account, also known as a “Break Glass Account”, is a special account set up for accessing Azure resources in emergency situations. This account typically has higher permissions and is only used when conventional access routes are not available. This could be, for example, a service outage, so that no multi-factor authentication can be performed via a mobile phone. The use of emergency accounts is strictly controlled, monitored, and restricted.