Public preview of Microsoft Azure Active Directory (AD) FIDO2 sign-in without passwords



Microsoft recently announced the availability of a public preview of Azure AD FIDO2 support, which allows user authentication without passwords.

FIDO2, or Fast Identity Online 2.0, is a Web standard for user authentication without passwords that was developed by the FIDO Alliance industry coalition and the World Wide Web Consortium. Microsoft currently has a Windows Hello biometric authentication scheme in Windows 10. It recently received FIDO2 certification for use with the May 2019 Update (version 1903) of Windows 10.

Azure AD FIDO2 Preview

With the Azure Active Directory (AD) FIDO2 public preview, companies can try out “passwordless access to all your Azure AD-connected apps and services,” stated Alex Simons, corporate vice president of program management at the Microsoft Identity Division, in the announcement.

IT pros will see new tooling support within the Azure AD Admin Portal for setting up this passwordless authentication method. To use the preview, they’ll need to “assign passwordless credentials utilizing FIDO2 security keys.” The preview will work with “the latest versions of Edge and Firefox internet browsers,” the announcement added.

Devices made by “hardware partners Feitian Technologies, HID Global and Yubico” support the Azure AD FIDO2 preview. Those three device makers are currently offering promotional discounts on their devices, as described in this Microsoft Tech Community post. Microsoft requires that such devices be “Microsoft compatible” keys, as defined in this document.

Azure AD FIDO2 is still a work in progress. Simons described it as a “first release.” A future release will add “the ability to manage all our traditional authentication factors (Multi-Factor Authentication (MFA), OATH Tokens, phone number sign in, and so on),” he added. That’s true on the Windows 10 client side, too.


“We’re dealing with our Windows security engineering group to make FIDO2 authentication work for hybrid-joined devices,” Simons said.

Windows 10 version 1809 or later operating systems have FIDO2 support, according to Microsoft’s “Password-Less Protection” whitepaper.

FIDO2 uses a public key/private key scheme in which the private key always remains on the device, which means it is never on the internet. This scheme purportedly defeats attack scenarios in which another party knows a user’s name and password. Even a PIN is safe because it’s tied to the device’s hardware, so an attacker who guesses a PIN would still need possession of the client device to access an account, Microsoft’s whitepaper explained.
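
As an added illustration (not code from Microsoft's whitepaper or from the original article), the following JavaScript sketch models the scheme described above: the server keeps only a public key, the PIN is checked on the device, and a signed one-time challenge takes the place of a password. The class names, the retry limit and the sample PIN are assumptions, and the real WebAuthn/CTAP2 message formats are not reproduced.

```javascript
// Added sketch: simplified model, not the real WebAuthn/CTAP2 message format.
const crypto = require('node:crypto');
// Hypothetical security key: the private key and PIN check exist only in here.
class SecurityKey {
  #privateKey; #pin; #retries = 3; // retry limit of 3 is an assumption
  constructor(pin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.#privateKey = privateKey; this.#pin = pin;
    this.publicKey = publicKey.export({ type: 'spki', format: 'pem' }); // only this leaves the device
  }
  // The PIN is checked on the device and is never sent to the server.
  sign(pin, challenge) {
    if (this.#retries === 0) throw new Error('key locked');
    if (pin !== this.#pin) { this.#retries--; throw new Error('wrong PIN'); }
    this.#retries = 3;
    return crypto.sign('sha256', challenge, this.#privateKey);
  }
}

// Hypothetical server: stores public keys only and issues single-use challenges.
class RelyingParty {
  #users = new Map(); #pending = new Map();
  register(user, publicKeyPem) { this.#users.set(user, publicKeyPem); }
  newChallenge(user) { const c = crypto.randomBytes(32); this.#pending.set(user, c); return c; }
  verify(user, signature) {
    const challenge = this.#pending.get(user);
    this.#pending.delete(user); // single use: a replayed signature fails
    const pem = this.#users.get(user);
    if (!challenge || !pem) return false;
    return crypto.verify('sha256', challenge, pem, signature);
  }
}

function demo() {
  const rp = new RelyingParty();
  const key = new SecurityKey('4821'); // constructed sample PIN
  rp.register('alice', key.publicKey);
  const sig = key.sign('4821', rp.newChallenge('alice'));
  const ok = rp.verify('alice', sig);
  const replay = rp.verify('alice', sig); // challenge already consumed
  const other = new SecurityKey('4821'); // same user name and PIN, different device
  const forged = rp.verify('alice', other.sign('4821', rp.newChallenge('alice')));
  let locked = false; // three wrong guesses lock the key, even for the right PIN
  for (const guess of ['0000', '1111', '2222', '4821']) {
    try { key.sign(guess, Buffer.alloc(32)); } catch (e) { locked = e.message === 'key locked'; }
  }
  return { ok, replay, forged, locked };
}
console.log(demo());
```

Knowing the user name and PIN is not enough in this model: a signature from any other device fails verification, and the PIN can only be tried against the physical key, which locks after repeated wrong guesses.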

Microsoft, in addition to advancing a passwordless future, has also argued against making end users create complicated passwords or change them periodically. Microsoft’s best practices guidance for passwords outlined these ideas, which run contrary to standard IT practices, in 2015.

Back in April, Microsoft had revealed plans to drop some standard password recommendations from its Windows security baseline documents because it doesn’t think they add much protection for companies.

Recently, Microsoft offered more of the same advice regarding passwords and explained that what organizations need is to require multifactor authentication for end users (a secondary identity verification procedure), and to have an identity verification scheme in place that’s tied to the hardware, such as that enabled by FIDO2. These arguments are laid out in this Microsoft Tech Community post by Alex Weinert, a member of the Microsoft Identity Division security team.

Longer passwords offer a better defense against brute-force attacks, Weinert suggested. His overall message, however, was to take a simpler approach and use multifactor authentication.

“Your password does not matter, but MFA does! Based on our studies, your account is more than 99.9% less likely to be compromised if you utilize MFA,” Weinert concluded.

Source: Redmondmag
