This post has been republished via RSS; it originally appeared at: Azure Active Directory Identity Blog articles.
I’m excited to announce the public preview of Azure AD support for FIDO2 security keys in hybrid environments. Users can now use FIDO2 security keys to sign in to their Hybrid Azure AD joined Windows 10 devices and get seamless sign-in to their on-premises and cloud resources. Since the launch of the public preview of FIDO2 support for Azure AD joined devices and browser sign ins, this has been the top most requested feature from our passwordless customers.
We all know that passwords are no longer effective in protecting customers from cybersecurity threats. In fact, compromised passwords are the most frequent cause of enterprise security breaches. Alternatively, passwordless authentication using advanced technologies like biometrics and public/private key cryptography provides a convenient, easy to use experience and world class security.
With the expansion of FIDO2 support to Hybrid environments, we offer seamless sign-in to Windows devices and virtually unphishable access to on-premises and cloud resources, using a strong hardware-backed public/private-key credential.
Our customers shared that simpler deployments are essential for a successful passwordless journey. We took their feedback seriously and enabled FIDO2 security keys for your hybrid environment requires only three deployment components:
- Windows Server patch for Domain controllers (Server 2016/Server 2019).
- Windows Insider Builds 18945 or later for PCs.
- Version 18.104.22.168 or later of Azure AD Connect.
To get started on your FIDO2 journey, you need to:
- Enable security keys as a passwordless authentication method for your tenant and have your users provision their FIDO2 security keys.
For additional information see: Enable passwordless security key sign-in to on-premises resources with Azure AD and User registration and management of FIDO2 security keys
- Ensure that Windows devices are enabled to use FIDO2 security keys to sign in.
For additional information see: Enable passwordless security key sign-in to Windows 10 devices with Azure AD
- Configure components required to sign in to your hybrid AADJ devices as well as for single sign-on (SSO) to on-premises and cloud resources.
For additional information see: Enable passwordless security key sign-in to on-premises resources with Azure Active Directory (preview)
Additionally, we’re excited to share additional hardware options for FIDO2 security keys from our Microsoft Intelligent Security Association partners. Ensurity Technologies now offers the Thin-C USB key with storage, eWBM Inc. has a new Goldengate USB-C key, and Thales announced Azure AD passwordless sign-in integrations with its PKI-FIDO smartcard. See the full listing of tested compatible devices.
To get started on your passwordless journey, visit Go passwordless.
As always, we love to get your feedback and suggestions! Let us know what you think in the comments below.
Alex Simons (@Alex_A_Simons)
Corporate VP of Program Management
Microsoft Identity Division