Microsoft is bringing passwordless access to Azure Active Directory (Azure AD) apps and services. The tech giant said that FIDO2 security keys will now be supported in Azure AD.
Enterprises are increasingly moving to the cloud, and they want to feel secure there. Since analysts say that 81% of successful cyber attacks start with a compromised username or password, Microsoft is tackling the problem at its root.
Azure AD users will now be able to sign in without a password, using a FIDO2 security key, the Microsoft Authenticator app, or Windows Hello. These authentication factors are based on public-key cryptography standards and protocols, and are protected by a PIN or a biometric factor such as a fingerprint or facial recognition.
Users apply the biometric factor or PIN to unlock the private key stored securely on the device. The key is then used to authenticate the user and the device to the service.
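The sign-in flow described above can be sketched in Node.js. This is an added example, not Microsoft's code or the FIDO2 API. The class names, the random challenge step and the P-256 key type are assumptions the article does not state. It shows that the service stores only a public key, that the PIN is checked on the device, and that a captured signature cannot be reused.

```javascript
// Added illustration; class and method names are hypothetical, not Azure AD or FIDO2 APIs.
const { generateKeyPairSync, createHash, randomBytes, sign, verify, timingSafeEqual } = require('crypto');

const pinDigest = (pin) => createHash('sha256').update(String(pin)).digest();

// Stands in for a security key: the private key never leaves this object.
class Authenticator {
  constructor(pin) {
    const pair = generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.publicKey = pair.publicKey;       // shared with the service at registration
    this.privateKey = pair.privateKey;     // stays on the device
    this.pin = pinDigest(pin);             // checked locally, never sent
  }
  // Signs the service's challenge only after the local PIN check passes.
  signChallenge(challenge, pin) {
    if (!timingSafeEqual(pinDigest(pin), this.pin)) return null;
    return sign('sha256', challenge, this.privateKey);
  }
}

// Stands in for the sign-in service: it stores public keys only.
class Service {
  constructor() { this.keys = new Map(); this.pending = new Map(); }
  register(user, publicKey) { this.keys.set(user, publicKey); }
  newChallenge(user) {
    const challenge = randomBytes(32);     // fresh random value per sign-in (assumed step)
    this.pending.set(user, challenge);
    return challenge;
  }
  finish(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user);             // each challenge is single-use
    const key = this.keys.get(user);
    if (!challenge || !key || !signature) return false;
    return verify('sha256', challenge, key, signature);
  }
}

function demo() {
  const device = new Authenticator('482913');          // constructed sample PIN
  const service = new Service();
  service.register('alice@example.com', device.publicKey);
  const first = device.signChallenge(service.newChallenge('alice@example.com'), '482913');
  const goodPin = service.finish('alice@example.com', first);
  const wrongPin = service.finish('alice@example.com',
    device.signChallenge(service.newChallenge('alice@example.com'), '000000'));
  service.newChallenge('alice@example.com');
  const replayed = service.finish('alice@example.com', first);  // old signature, new challenge
  return { goodPin, wrongPin, replayed };
}
```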
The new passwordless experience is a secure and easy-to-use authentication option for customers. This will allow them to access information without worrying about cybercriminals accessing their accounts. Microsoft believes that the new move will significantly reduce the risk of account compromise.
The support for FIDO2 security keys in Azure AD is currently available in public preview.
Along with this, Microsoft is also adding a number of new admin capabilities in the Azure AD portal that will allow admins to manage the authentication factors for users and groups in the organization.
“Today’s product launches are an important milestone for getting to passwordless. In addition, the engineering work we did to provide authentication methods management for administrators and user registration and management, will allow us to move even faster to improve credentials management, experiences, as well as bring new capabilities and credentials online more simply,” wrote Alex Simons, Corporate VP of Program Management, Microsoft Identity Division, in a blog post.
“We’re working with our Windows security engineering team to make FIDO2 authentication work for hybrid-joined devices.”