Enterprises are constantly faced with the challenge of security, and with the amount of credentials we need to use day-to-day, passwords are a nightmare. Thankfully there are other ways to securely authenticate with services and this week, Microsoft announced an improvement to FIDO2 security keys.
Passkeys are a new authentication method aiming to replace weak, insecure passwords with a more convenient and secure system. Imagine logging in to websites and apps just by using your fingerprint, face scan, or screen lock PIN – that’s the promise of passkeys.
Microsoft 365 recently announced the availability of passkeys on YubiKeys with mobile devices. With the use of phishing-resistant multi-factor authentication (MFA) like passkeys growing more every day, it’s exciting to see them supported with more services.
This new Microsoft preview not only opens up support on iOS and iPadOS for Microsoft 365, but for a whole range of other Microsoft 1st party apps and also any other applications protected with Entra ID.
This has been something on every Yubico and Entra ID customer’s wish list since 2019 when Microsoft first announced preview support for FIDO2 security keys. Customers are now beginning to get the support they have been asking for, and can now use the same YubiKeys that they use on their desktops on their iPhone. Entra ID has long supported passkeys on security keys like YubiKeys on Windows and other platforms, but there has been a lack of support on mobile devices.
Microsoft initially announced support for passkeys in Safari in July 2023. While this was an important added feature, most customers really needed support using native apps.
Now that preview support is finally available. With Microsoft’s new announcement, users now have a complete experience from mobile devices where they’re able to sign in to both web applications and native apps using a YubiKey.
How does it work?
To start using your YubiKey in Entra ID on mobile devices you need:
- An iOS native app protected with Entra ID.
- The native app protected with Entra ID should use this Microsoft guidance, Apps may require the use of Microsoft Authenticator until the apps are updated by the developers to natively support a passkey sign-in experience.
- An Entra ID tenant that has enabled support for passkeys (FIDO2 security keys).
- An Entra ID account where you have registered a YubiKey 5 Series or YubiKey 5 FIPS Series.
In the video above, you see how passwordless sign-in on Azure Virtual Desktop works. Once your Azure Virtual Desktop host pools are configured to support passwordless SSO, then you can easily use your security keys to sign-in to these remote desktops to access all your applications on the go with a Windows experience.
In the video, the iOS Remote Desktop application is used to show the two new features together where a user can now use their iPhone and a YubiKey to access their Windows 11 virtual desktops without using a password.
To learn more about passkey compatibility with Entra ID, visit here. To learn more about Azure Virtual Desktop visit the page here to learn about configuring passwordless SSO authentication to the AVD session host and also how to configure support for passwordless authentication inside the remote session.