As more and more customers move to cloud services and applications, they must provide secure and easy-to-use authentication options. Today we announce a public preview of the FIDO2 security key that supports password-free login to Azure Active Directory (Azure AD). With the FIDO2 security key, the Microsoft Authenticator application, or Windows Hello, all Azure AD users can log in without using a password.
These strong authentication elements are protected by the same world-class public / private key encryption standards and protocols (biometric elements (fingerprint or facial recognition) or PIN). The user applies a biometric element or PIN to unlock the private key securely stored on the device. The key is then used to verify that the user and the device are serviceable.
The new public preview feature also helps to start a password-less itinerary:
- The new authentication method blades in the Azure AD administration portal allow you to use the FIDO2 security key to create a password You can assign credentials that do not exist and allow users and groups to log in with Microsoft Authenticator without a password.
- FIDO2 security key management by users on integrated enrollment portal
- Ability to authenticate to Windows 10 devices that are subscribed to Azure AD from the latest version of Edge and Firefox browsers using FIDO2 security key
Read the public preview announcement of Azure AD for FIDO2-based password-free sign-in for a vision of making FIDO2 technology a reality to provide complete, secure, and password-free access to Azure AD-connected apps and services.
Read More Here: https://www.microsoft.com/en-us/microsoft-365/blog/2019/07/10/new-azure-active-directory-capabilities-eliminate-passwords/