The following scenarios for users in a hybrid environment are supported: Users can sign in to Windows on their devices with modern credentials like FIDO2 keys and access traditional Active Directory Domain Services (AD DS) based resources with a seamless single sign-on (SSO) experience to their on-prem resources. With this passwordless feature, you can enable Azure AD authentication on Windows 10 devices for hybrid Azure AD joined devices using FIDO2 security keys. We are looking forward to seeing new form factors and possibly applications on your phone that comply with the FIDO2 specification.

This article covers frequently asked questions for hybrid Azure AD joined devices and passwordless sign-in to on-prem resources.

Some examples include USB security keys and NFC-enabled smartcards, just to name a few. Our partners are working on a variety of security key form factors. The security key holds your credential and can be protected with an additional second factor like a fingerprint (integrated into the security key) or a PIN to be entered at the Windows sign-in. These keys have all the benefits of a Trusted Platform Module (TPM) while also being portable, enabling the increasing number of mobile workers.

FIDO2 compliant security keys provide secure authentication, independent of the form factor. Unlike traditional passwords, these keys rely on high-security, public-key cryptography to provide strong authentication. A user can walk up to any device belonging to the organization and authenticate in a secure way, with no need to enter a username and password or set up Windows Hello beforehand. Security keys allow you to carry your credential with you and safely authenticate to an Azure AD joined Windows 10 PC that's part of your organization. Microsoft and its partners have been working together on FIDO2 security keys for Windows Hello to enable easy and secure authentication on shared devices.
Or a public-sector organization that wants secure authentication on devices while adhering to security policies and directives where the user's credential needs to be physically separate from the device itself. Another scenario is hospital medical staff who need to access patient records on a device no matter where the patient is located. Imagine a helpdesk scenario where an employee can walk up to any device and simply log in using Windows Hello and not a username and password.