SlideShare a Scribd company logo

Microsoft's Implementation Roadmap for FIDO2

FIDO Alliance
FIDO Alliance

This presentation on Microsoft's implementation of FIDO2 was given at the FIDO Authentication Seminar in Austin, Texas on January 28, 2019.

Technology
1 of 30
Download to read offline
FIDO2 & Microsoft ANTHONY NADALIN MICROSOFT
https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/windows-integration/web- authentication
Windows Hello
Password-less authenticationUser-friendly experienceEnterprise-grade security 47M enterprises have deployed Windows Hello for Business active Windows Hello users 6.5K growth in biometric capable computers 350%
FIDO2 Private preview began WebAuthn Support available to Windows 10 Insiders Self-provisioned keys for MSA Windows 10 October 2018 Update SPRING 2018 JULY 2018 OCTOBER 2018
Admin controls End-user self-provisioning FIDO2 for Azure AD accounts Public preview begins JANUARY 2019 FIDO2 Private preview began WebAuthn Support available to Windows 10 Insiders Self-provisioned keys for MSA Windows 10 October 2018 Update SPRING 2018 JULY 2018 OCTOBER 2018
Save Discard METHOD TARGET ENABLED Password All users Yes Phone call All users Yes Microsoft Authenticator app No Verification code – authenticator app No Verification code – hardware token No Windows Hello No FIDO No PIN No Email address No Security questions 5 groups Yes Allowed methods Documentation = Recommended Registration settings Usage and insights Getting started ACTIVITY Audit logs TROUBLESHOOTING + SUPPORT Troubleshoot New support request MANAGE Authentication methods Password protection (Preview) i i i i i i i i i i Authentication methods Wingtiptoys – Azure AD Security Home > Authentication methods > Authentication methods 1 group Yes Text message i
REQUIRE REGISTRATION: METHOD TARGET ENABLED Password All users Yes Phone call All users Yes Microsoft Authenticator app No Verification code – authenticator app No Verification code – hardware token No Windows Hello No FIDO No PIN No Email address No Security questions 5 groups Yes = Recommended Save Save Discard Allowed methods Documentation Registration settings TROUBLESHOOTING + SUPPORT Troubleshoot New support request ACTIVITY Audit logs MANAGE Authentication methods Password protection (Preview) Usage and insights Getting started Authentication methods Wingtiptoys – Azure AD Security Home > Authentication methods > Authentication methods TARGET USERSENABLE Save Discard CONFIGURE REGISTRATION Required All users Select users NAME + add users and group 1 group Yes … FIDO2 Security Keys Yes No Allow self-service set-up for groups Yes No Enforce Attestation Yes No KEY RESTRICTION POLICY + add AAGUID Allow Block Yes No Enforce key restrictions Restrict specific keys Yes No Manage security keys Manual set-up All users All users Select users
REQUIRE REGISTRATION: METHOD TARGET ENABLED Password All users Yes Phone call All users Yes Microsoft Authenticator app No Verification code – authenticator app No Verification code – hardware token No Windows Hello No FIDO No PIN No Email address No Security questions 5 groups Yes = Recommended Save Save Discard Allowed methods Documentation Registration settings TROUBLESHOOTING + SUPPORT Troubleshoot New support request ACTIVITY Audit logs MANAGE Authentication methods Password protection (Preview) Usage and insights Getting started Authentication methods Wingtiptoys – Azure AD Security Home > Authentication methods > Authentication methods TARGET USERSENABLE Save Discard CONFIGURE REGISTRATION Required All users Select users NAME + add users and group 1 group Yes FIDO2 Security Keys Yes No Allow self-service set-up for groups Yes No Enforce Attestation Yes No KEY RESTRICTION POLICY + add AAGUID Allow Block Yes No Enforce key restrictions Restrict specific keys Manage security keys Manual set-up All users Select users All users
REQUIRE REGISTRATION: METHOD TARGET ENABLED Password All users Yes Phone call All users Yes Microsoft Authenticator app No Verification code – authenticator app No Verification code – hardware token No Windows Hello No FIDO No PIN No Email address No Security questions 5 groups Yes = Recommended Save Save Discard Allowed methods Documentation Registration settings TROUBLESHOOTING + SUPPORT Troubleshoot New support request ACTIVITY Audit logs MANAGE Authentication methods Password protection (Preview) Usage and insights Getting started Authentication methods Wingtiptoys – Azure AD Security Home > Authentication methods > Authentication methods TARGET USERSENABLE Save Discard CONFIGURE REGISTRATION Required All users Select users NAME + add users and group 1 group Yes FIDO2 Security Keys Yes No Allow self-service set-up for groups Yes No Enforce Attestation Yes No KEY RESTRICTION POLICY + add AAGUID Allow Block Enforce key restrictions Restrict specific keys Manage security keys Manual set-up No users selected … Yes No
REQUIRE REGISTRATION: METHOD TARGET ENABLED Password All users Yes Phone call All users Yes Microsoft Authenticator app No Verification code – authenticator app No Verification code – hardware token No Windows Hello No FIDO No PIN No Email address No Security questions 5 groups Yes = Recommended Save Save Discard Allowed methods Documentation Registration settings TROUBLESHOOTING + SUPPORT Troubleshoot New support request ACTIVITY Audit logs MANAGE Authentication methods Password protection (Preview) Usage and insights Getting started Authentication methods Wingtiptoys – Azure AD Security Home > Authentication methods > Authentication methods TARGET USERSENABLE Save Discard CONFIGURE REGISTRATION Required All users Select users NAME + add users and group 1 group Yes FIDO2 Security Keys Yes No Allow self-service set-up for groups Yes No Enforce Attestation Yes No Manage security keys Manual set-up Search by name or email address Search OK Cancel Search by name of email addressPilot Add users and groups …No users selected
REQUIRE REGISTRATION: METHOD TARGET ENABLED Password All users Yes Phone call All users Yes Microsoft Authenticator app No Verification code – authenticator app No Verification code – hardware token No Windows Hello No FIDO No PIN No Email address No Security questions 5 groups Yes = Recommended Save Save Discard Allowed methods Documentation Registration settings TROUBLESHOOTING + SUPPORT Troubleshoot New support request ACTIVITY Audit logs MANAGE Authentication methods Password protection (Preview) Usage and insights Getting started Authentication methods Wingtiptoys – Azure AD Security Home > Authentication methods > Authentication methods TARGET USERSENABLE Save Discard CONFIGURE REGISTRATION Required All users Select users NAME + add users and group 1 group Yes FIDO2 Security Keys Yes No Allow self-service set-up for groups Yes No Enforce Attestation Yes No Manage security keys Manual set-up Search by name or email address Search OK Cancel Search by name of email addressPilot group Pilot group Pilotgroup@wingtiptoys.com Pilot group corp pilotgrpcorp@wingtiptoys.com Pilot group NYC pilotgrpmkt@wingtiptoys.com PG PG PG Add users and groups …No users selected
REQUIRE REGISTRATION: METHOD TARGET ENABLED Password All users Yes Phone call All users Yes Microsoft Authenticator app No Verification code – authenticator app No Verification code – hardware token No Windows Hello No FIDO No PIN No Email address No Security questions 5 groups Yes = Recommended Save Save Discard Allowed methods Documentation Registration settings TROUBLESHOOTING + SUPPORT Troubleshoot New support request ACTIVITY Audit logs MANAGE Authentication methods Password protection (Preview) Usage and insights Getting started Authentication methods Wingtiptoys – Azure AD Security Home > Authentication methods > Authentication methods TARGET USERSENABLE Save Discard CONFIGURE REGISTRATION Required All users Select users NAME + add users and group 1 group Yes FIDO2 Security Keys Yes No Allow self-service set-up for groups Yes No Enforce Attestation Yes No Manage security keys Manual set-up Search by name or email address Search Search by name of email addressPilot group Add users and groups OK Cancel Pilot group Pilotgroup@wingtiptoys.com PG x OK Cancel …No users selected
REQUIRE REGISTRATION: METHOD TARGET ENABLED Password All users Yes Phone call All users Yes Microsoft Authenticator app No Verification code – authenticator app No Verification code – hardware token No Windows Hello No FIDO No PIN No Email address No Security questions 5 groups Yes = Recommended Save Save Discard Allowed methods Documentation Registration settings TROUBLESHOOTING + SUPPORT Troubleshoot New support request ACTIVITY Audit logs MANAGE Authentication methods Password protection (Preview) Usage and insights Getting started Authentication methods Wingtiptoys – Azure AD Security Home > Authentication methods > Authentication methods TARGET USERSENABLE Save Discard CONFIGURE REGISTRATION Required All users Select users NAME + add users and group 1 group Yes FIDO2 Security Keys Yes No Allow self-service set-up for groups Yes No Enforce Attestation Yes No KEY RESTRICTION POLICY + add AAGUID Allow Block Enforce key restrictions Restrict specific keys Manage security keys Manual set-up Pilot group … Yes No
Wingtip Toys
Wingtip Toys
Wingtip Toys
Wingtip Toys
Wingtip Toys
Wingtip Toys
Wingtip Toys
Wingtip Toys
Wingtip Toys
FIDO2 security key 1 Windows 10 device 6 3 4 7 9 2 3 4 5 2 1 User plugs FIDO2 security key into computer Windows detects FIDO2 security key Windows device sends auth request Azure AD sends back nonce User completes gesture to unlock private key stored in security key’s secure enclave FIDO2 security key signs nonce with private key PRT token request with signed nonce is sent to Azure AD Azure AD verifies FIDO key Azure AD returns PRT and TGT to enable access to on-premises resources 8 7 8 9 5 6

Recommended

FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for All
FIDO Alliance
 
Google & FIDO Authentication
Google & FIDO AuthenticationGoogle & FIDO Authentication
Google & FIDO Authentication
FIDO Alliance
 
Integrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsIntegrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation Protocols
FIDO Alliance
 
FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptx
FIDO Alliance
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications Overview
FIDO Alliance
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical Overview
FIDO Alliance
 
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO Alliance
 

Recommended

FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for All
FIDO Alliance
 
Google & FIDO Authentication
Google & FIDO AuthenticationGoogle & FIDO Authentication
Google & FIDO Authentication
FIDO Alliance
 
Integrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsIntegrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation Protocols
FIDO Alliance
 
FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptx
FIDO Alliance
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications Overview
FIDO Alliance
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical Overview
FIDO Alliance
 
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO Alliance
 
RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~
5 6
 
2019 FIDO Tokyo Seminar - FIDO認定と国内で初めて開催したFIDO相互接続性試験について
2019 FIDO Tokyo Seminar - FIDO認定と国内で初めて開催したFIDO相互接続性試験について2019 FIDO Tokyo Seminar - FIDO認定と国内で初めて開催したFIDO相互接続性試験について
2019 FIDO Tokyo Seminar - FIDO認定と国内で初めて開催したFIDO相互接続性試験について
FIDO Alliance
 
#idcon vol.29 - #fidcon WebAuthn, Next Stage
#idcon vol.29 - #fidcon WebAuthn, Next Stage#idcon vol.29 - #fidcon WebAuthn, Next Stage
#idcon vol.29 - #fidcon WebAuthn, Next Stage
Nov Matake
 
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
FIDO Alliance
 
Introduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for AuthenticationIntroduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for Authentication
FIDO Alliance
 
Introduction to FIDO Alliance
Introduction to FIDO AllianceIntroduction to FIDO Alliance
Introduction to FIDO Alliance
FIDO Alliance
 
Implementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on KeycloakImplementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on Keycloak
Yuichi Nakamura
 
FIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO and the Future of User Authentication
FIDO and the Future of User Authentication
FIDO Alliance
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2
FIDO Alliance
 
Workshop-Demo Breakdown.pptx
Workshop-Demo Breakdown.pptxWorkshop-Demo Breakdown.pptx
Workshop-Demo Breakdown.pptx
FIDO Alliance
 
Fido認証概要説明
Fido認証概要説明Fido認証概要説明
Fido認証概要説明
FIDO Alliance
 
IBM - Hey FIDO, Meet Passkey!.pptx
IBM - Hey FIDO, Meet Passkey!.pptxIBM - Hey FIDO, Meet Passkey!.pptx
IBM - Hey FIDO, Meet Passkey!.pptx
FIDO Alliance
 
FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial
FIDO Alliance
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
FIDO Alliance
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical Tutorial
FIDO Alliance
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web Authentication
FIDO Alliance
 
今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -
今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -
今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -
Naoto Miyachi
 
FIDOのキホン
FIDOのキホンFIDOのキホン
FIDOのキホン
Yahoo!デベロッパーネットワーク
 
FIDO2 ~ パスワードのいらない世界へ
FIDO2 ~ パスワードのいらない世界へFIDO2 ~ パスワードのいらない世界へ
FIDO2 ~ パスワードのいらない世界へ
FIDO Alliance
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)
Abhishek Koserwal
 
IAPP_CIPM_certification_training_Course_Content
IAPP_CIPM_certification_training_Course_ContentIAPP_CIPM_certification_training_Course_Content
IAPP_CIPM_certification_training_Course_Content
priyanshamadhwal2
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
Microsoft
 

More Related Content

What's hot

Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical Tutorial
FIDO Alliance
 

What's hot (20)

RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~
 
2019 FIDO Tokyo Seminar - FIDO認定と国内で初めて開催したFIDO相互接続性試験について
2019 FIDO Tokyo Seminar - FIDO認定と国内で初めて開催したFIDO相互接続性試験について2019 FIDO Tokyo Seminar - FIDO認定と国内で初めて開催したFIDO相互接続性試験について
2019 FIDO Tokyo Seminar - FIDO認定と国内で初めて開催したFIDO相互接続性試験について
 
#idcon vol.29 - #fidcon WebAuthn, Next Stage
#idcon vol.29 - #fidcon WebAuthn, Next Stage#idcon vol.29 - #fidcon WebAuthn, Next Stage
#idcon vol.29 - #fidcon WebAuthn, Next Stage
 
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
2019 FIDO Tokyo Seminar - LINE PayへのFIDO2実装
 
Introduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for AuthenticationIntroduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for Authentication
 
Introduction to FIDO Alliance
Introduction to FIDO AllianceIntroduction to FIDO Alliance
Introduction to FIDO Alliance
 
Implementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on KeycloakImplementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on Keycloak
 
FIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO and the Future of User Authentication
FIDO and the Future of User Authentication
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2
 
Workshop-Demo Breakdown.pptx
Workshop-Demo Breakdown.pptxWorkshop-Demo Breakdown.pptx
Workshop-Demo Breakdown.pptx
 
Fido認証概要説明
Fido認証概要説明Fido認証概要説明
Fido認証概要説明
 
IBM - Hey FIDO, Meet Passkey!.pptx
IBM - Hey FIDO, Meet Passkey!.pptxIBM - Hey FIDO, Meet Passkey!.pptx
IBM - Hey FIDO, Meet Passkey!.pptx
 
FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical Tutorial
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web Authentication
 
今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -
今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -
今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -
 
FIDOのキホン
FIDOのキホンFIDOのキホン
FIDOのキホン
 
FIDO2 ~ パスワードのいらない世界へ
FIDO2 ~ パスワードのいらない世界へFIDO2 ~ パスワードのいらない世界へ
FIDO2 ~ パスワードのいらない世界へ
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)
 

Similar to Microsoft's Implementation Roadmap for FIDO2

Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention
Manish Dixit Ceh
 
MS_Learning_Transcript.PDF
MS_Learning_Transcript.PDFMS_Learning_Transcript.PDF
MS_Learning_Transcript.PDF
Taha Rashad
 
Forefront Identity Manager 2010 (Av Rune Lystad)
Forefront Identity Manager 2010 (Av Rune Lystad)Forefront Identity Manager 2010 (Av Rune Lystad)
Forefront Identity Manager 2010 (Av Rune Lystad)
Microsoft Norge AS
 
MS_Learning_Transcript.PDF
MS_Learning_Transcript.PDFMS_Learning_Transcript.PDF
MS_Learning_Transcript.PDF
youssef Salama
 
EMS, one suite to manage and secure your workplace
EMS, one suite to manage and secure your workplaceEMS, one suite to manage and secure your workplace
EMS, one suite to manage and secure your workplace
Delta-N
 
download Advance google-certified-digital-marketing-course syllbus
download Advance google-certified-digital-marketing-course syllbusdownload Advance google-certified-digital-marketing-course syllbus
download Advance google-certified-digital-marketing-course syllbus
shilpa gupta
 

Similar to Microsoft's Implementation Roadmap for FIDO2 (20)

IAPP_CIPM_certification_training_Course_Content
IAPP_CIPM_certification_training_Course_ContentIAPP_CIPM_certification_training_Course_Content
IAPP_CIPM_certification_training_Course_Content
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
 
Salesforce.Com - my presentation from April User Group
Salesforce.Com - my presentation from April User GroupSalesforce.Com - my presentation from April User Group
Salesforce.Com - my presentation from April User Group
 
December 2019 Microsoft 365 Need to Know Webinar
December 2019 Microsoft 365 Need to Know WebinarDecember 2019 Microsoft 365 Need to Know Webinar
December 2019 Microsoft 365 Need to Know Webinar
 
Blackhat Analyics 4: May the 25th be with you!
Blackhat Analyics 4: May the 25th be with you!Blackhat Analyics 4: May the 25th be with you!
Blackhat Analyics 4: May the 25th be with you!
 
Microsoft Windows 7 Enhanced Security And Control
Microsoft Windows 7 Enhanced Security And ControlMicrosoft Windows 7 Enhanced Security And Control
Microsoft Windows 7 Enhanced Security And Control
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention
 
Building a Secure Organization
Building a Secure OrganizationBuilding a Secure Organization
Building a Secure Organization
 
MS_Learning_Transcript.PDF
MS_Learning_Transcript.PDFMS_Learning_Transcript.PDF
MS_Learning_Transcript.PDF
 
Securing SharePoint, OneDrive, & Teams with Sensitivity Labels
Securing SharePoint, OneDrive, & Teams with Sensitivity LabelsSecuring SharePoint, OneDrive, & Teams with Sensitivity Labels
Securing SharePoint, OneDrive, & Teams with Sensitivity Labels
 
Forefront Identity Manager 2010 (Av Rune Lystad)
Forefront Identity Manager 2010 (Av Rune Lystad)Forefront Identity Manager 2010 (Av Rune Lystad)
Forefront Identity Manager 2010 (Av Rune Lystad)
 
MS_Learning_Transcript.PDF
MS_Learning_Transcript.PDFMS_Learning_Transcript.PDF
MS_Learning_Transcript.PDF
 
Como o Azure Information Protection pode manter seus dados seguros
Como o Azure Information Protection pode manter seus dados segurosComo o Azure Information Protection pode manter seus dados seguros
Como o Azure Information Protection pode manter seus dados seguros
 
Effective Instrumentation Strategies for Data-driven Product Management
Effective Instrumentation Strategies for Data-driven Product Management Effective Instrumentation Strategies for Data-driven Product Management
Effective Instrumentation Strategies for Data-driven Product Management
 
What's New with Ivanti’s Enterprise Licensing Agreement?
What's New with Ivanti’s Enterprise Licensing Agreement?What's New with Ivanti’s Enterprise Licensing Agreement?
What's New with Ivanti’s Enterprise Licensing Agreement?
 
Red Hat Summit - OpenShift Identity Management and Compliance
Red Hat Summit - OpenShift Identity Management and ComplianceRed Hat Summit - OpenShift Identity Management and Compliance
Red Hat Summit - OpenShift Identity Management and Compliance
 
EMS, one suite to manage and secure your workplace
EMS, one suite to manage and secure your workplaceEMS, one suite to manage and secure your workplace
EMS, one suite to manage and secure your workplace
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020
 
download Advance google-certified-digital-marketing-course syllbus
download Advance google-certified-digital-marketing-course syllbusdownload Advance google-certified-digital-marketing-course syllbus
download Advance google-certified-digital-marketing-course syllbus
 
Advance digital marketing course syllabus
Advance digital marketing course syllabusAdvance digital marketing course syllabus
Advance digital marketing course syllabus
 

More from FIDO Alliance

Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comConsumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
FIDO Alliance
 
Introduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesIntroduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS Services
FIDO Alliance
 
Webinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationWebinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO Authentication
FIDO Alliance
 

More from FIDO Alliance (20)

IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptx
 
OTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptxOTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptx
 
CISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptxCISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptx
 
Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)
 
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDO
 
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comConsumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
 
新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向
 
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
 
Introduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesIntroduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS Services
 
富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案
 
テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察
 
「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ
 
YubiOnが目指す未来
YubiOnが目指す未来YubiOnが目指す未来
YubiOnが目指す未来
 
FIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみたFIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみた
 
中小企業によるFIDO導入事例
中小企業によるFIDO導入事例中小企業によるFIDO導入事例
中小企業によるFIDO導入事例
 
VPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセスVPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセス
 
CloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワークCloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワーク
 
数々の実績:迅速なFIDO認証の展開をサポート
数々の実績:迅速なFIDO認証の展開をサポート数々の実績:迅速なFIDO認証の展開をサポート
数々の実績:迅速なFIDO認証の展開をサポート
 
FIDO Alliance Research: Consumer Attitudes Towards Authentication
FIDO Alliance Research: Consumer Attitudes Towards AuthenticationFIDO Alliance Research: Consumer Attitudes Towards Authentication
FIDO Alliance Research: Consumer Attitudes Towards Authentication
 
Webinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationWebinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO Authentication
 

Recently uploaded

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Recently uploaded (20)

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 

Microsoft's Implementation Roadmap for FIDO2

  • 2.
  • 3.
  • 5.
  • 6.
  • 8. Password-less authenticationUser-friendly experienceEnterprise-grade security 47M enterprises have deployed Windows Hello for Business active Windows Hello users 6.5K growth in biometric capable computers 350%
  • 9. FIDO2 Private preview began WebAuthn Support available to Windows 10 Insiders Self-provisioned keys for MSA Windows 10 October 2018 Update SPRING 2018 JULY 2018 OCTOBER 2018
  • 10. Admin controls End-user self-provisioning FIDO2 for Azure AD accounts Public preview begins JANUARY 2019 FIDO2 Private preview began WebAuthn Support available to Windows 10 Insiders Self-provisioned keys for MSA Windows 10 October 2018 Update SPRING 2018 JULY 2018 OCTOBER 2018
  • 11. Save Discard METHOD TARGET ENABLED Password All users Yes Phone call All users Yes Microsoft Authenticator app No Verification code – authenticator app No Verification code – hardware token No Windows Hello No FIDO No PIN No Email address No Security questions 5 groups Yes Allowed methods Documentation = Recommended Registration settings Usage and insights Getting started ACTIVITY Audit logs TROUBLESHOOTING + SUPPORT Troubleshoot New support request MANAGE Authentication methods Password protection (Preview) i i i i i i i i i i Authentication methods Wingtiptoys – Azure AD Security Home > Authentication methods > Authentication methods 1 group Yes Text message i
  • 12. REQUIRE REGISTRATION: METHOD TARGET ENABLED Password All users Yes Phone call All users Yes Microsoft Authenticator app No Verification code – authenticator app No Verification code – hardware token No Windows Hello No FIDO No PIN No Email address No Security questions 5 groups Yes = Recommended Save Save Discard Allowed methods Documentation Registration settings TROUBLESHOOTING + SUPPORT Troubleshoot New support request ACTIVITY Audit logs MANAGE Authentication methods Password protection (Preview) Usage and insights Getting started Authentication methods Wingtiptoys – Azure AD Security Home > Authentication methods > Authentication methods TARGET USERSENABLE Save Discard CONFIGURE REGISTRATION Required All users Select users NAME + add users and group 1 group Yes … FIDO2 Security Keys Yes No Allow self-service set-up for groups Yes No Enforce Attestation Yes No KEY RESTRICTION POLICY + add AAGUID Allow Block Yes No Enforce key restrictions Restrict specific keys Yes No Manage security keys Manual set-up All users All users Select users
  • 13. REQUIRE REGISTRATION: METHOD TARGET ENABLED Password All users Yes Phone call All users Yes Microsoft Authenticator app No Verification code – authenticator app No Verification code – hardware token No Windows Hello No FIDO No PIN No Email address No Security questions 5 groups Yes = Recommended Save Save Discard Allowed methods Documentation Registration settings TROUBLESHOOTING + SUPPORT Troubleshoot New support request ACTIVITY Audit logs MANAGE Authentication methods Password protection (Preview) Usage and insights Getting started Authentication methods Wingtiptoys – Azure AD Security Home > Authentication methods > Authentication methods TARGET USERSENABLE Save Discard CONFIGURE REGISTRATION Required All users Select users NAME + add users and group 1 group Yes FIDO2 Security Keys Yes No Allow self-service set-up for groups Yes No Enforce Attestation Yes No KEY RESTRICTION POLICY + add AAGUID Allow Block Yes No Enforce key restrictions Restrict specific keys Manage security keys Manual set-up All users Select users All users
  • 14. REQUIRE REGISTRATION: METHOD TARGET ENABLED Password All users Yes Phone call All users Yes Microsoft Authenticator app No Verification code – authenticator app No Verification code – hardware token No Windows Hello No FIDO No PIN No Email address No Security questions 5 groups Yes = Recommended Save Save Discard Allowed methods Documentation Registration settings TROUBLESHOOTING + SUPPORT Troubleshoot New support request ACTIVITY Audit logs MANAGE Authentication methods Password protection (Preview) Usage and insights Getting started Authentication methods Wingtiptoys – Azure AD Security Home > Authentication methods > Authentication methods TARGET USERSENABLE Save Discard CONFIGURE REGISTRATION Required All users Select users NAME + add users and group 1 group Yes FIDO2 Security Keys Yes No Allow self-service set-up for groups Yes No Enforce Attestation Yes No KEY RESTRICTION POLICY + add AAGUID Allow Block Enforce key restrictions Restrict specific keys Manage security keys Manual set-up No users selected … Yes No
  • 15. REQUIRE REGISTRATION: METHOD TARGET ENABLED Password All users Yes Phone call All users Yes Microsoft Authenticator app No Verification code – authenticator app No Verification code – hardware token No Windows Hello No FIDO No PIN No Email address No Security questions 5 groups Yes = Recommended Save Save Discard Allowed methods Documentation Registration settings TROUBLESHOOTING + SUPPORT Troubleshoot New support request ACTIVITY Audit logs MANAGE Authentication methods Password protection (Preview) Usage and insights Getting started Authentication methods Wingtiptoys – Azure AD Security Home > Authentication methods > Authentication methods TARGET USERSENABLE Save Discard CONFIGURE REGISTRATION Required All users Select users NAME + add users and group 1 group Yes FIDO2 Security Keys Yes No Allow self-service set-up for groups Yes No Enforce Attestation Yes No Manage security keys Manual set-up Search by name or email address Search OK Cancel Search by name of email addressPilot Add users and groups …No users selected
  • 16. REQUIRE REGISTRATION: METHOD TARGET ENABLED Password All users Yes Phone call All users Yes Microsoft Authenticator app No Verification code – authenticator app No Verification code – hardware token No Windows Hello No FIDO No PIN No Email address No Security questions 5 groups Yes = Recommended Save Save Discard Allowed methods Documentation Registration settings TROUBLESHOOTING + SUPPORT Troubleshoot New support request ACTIVITY Audit logs MANAGE Authentication methods Password protection (Preview) Usage and insights Getting started Authentication methods Wingtiptoys – Azure AD Security Home > Authentication methods > Authentication methods TARGET USERSENABLE Save Discard CONFIGURE REGISTRATION Required All users Select users NAME + add users and group 1 group Yes FIDO2 Security Keys Yes No Allow self-service set-up for groups Yes No Enforce Attestation Yes No Manage security keys Manual set-up Search by name or email address Search OK Cancel Search by name of email addressPilot group Pilot group Pilotgroup@wingtiptoys.com Pilot group corp pilotgrpcorp@wingtiptoys.com Pilot group NYC pilotgrpmkt@wingtiptoys.com PG PG PG Add users and groups …No users selected
  • 17. REQUIRE REGISTRATION: METHOD TARGET ENABLED Password All users Yes Phone call All users Yes Microsoft Authenticator app No Verification code – authenticator app No Verification code – hardware token No Windows Hello No FIDO No PIN No Email address No Security questions 5 groups Yes = Recommended Save Save Discard Allowed methods Documentation Registration settings TROUBLESHOOTING + SUPPORT Troubleshoot New support request ACTIVITY Audit logs MANAGE Authentication methods Password protection (Preview) Usage and insights Getting started Authentication methods Wingtiptoys – Azure AD Security Home > Authentication methods > Authentication methods TARGET USERSENABLE Save Discard CONFIGURE REGISTRATION Required All users Select users NAME + add users and group 1 group Yes FIDO2 Security Keys Yes No Allow self-service set-up for groups Yes No Enforce Attestation Yes No Manage security keys Manual set-up Search by name or email address Search Search by name of email addressPilot group Add users and groups OK Cancel Pilot group Pilotgroup@wingtiptoys.com PG x OK Cancel …No users selected
  • 18. REQUIRE REGISTRATION: METHOD TARGET ENABLED Password All users Yes Phone call All users Yes Microsoft Authenticator app No Verification code – authenticator app No Verification code – hardware token No Windows Hello No FIDO No PIN No Email address No Security questions 5 groups Yes = Recommended Save Save Discard Allowed methods Documentation Registration settings TROUBLESHOOTING + SUPPORT Troubleshoot New support request ACTIVITY Audit logs MANAGE Authentication methods Password protection (Preview) Usage and insights Getting started Authentication methods Wingtiptoys – Azure AD Security Home > Authentication methods > Authentication methods TARGET USERSENABLE Save Discard CONFIGURE REGISTRATION Required All users Select users NAME + add users and group 1 group Yes FIDO2 Security Keys Yes No Allow self-service set-up for groups Yes No Enforce Attestation Yes No KEY RESTRICTION POLICY + add AAGUID Allow Block Enforce key restrictions Restrict specific keys Manage security keys Manual set-up Pilot group … Yes No
  • 19.
  • 20.
  • 30. FIDO2 security key 1 Windows 10 device 6 3 4 7 9 2 3 4 5 2 1 User plugs FIDO2 security key into computer Windows detects FIDO2 security key Windows device sends auth request Azure AD sends back nonce User completes gesture to unlock private key stored in security key’s secure enclave FIDO2 security key signs nonce with private key PRT token request with signed nonce is sent to Azure AD Azure AD verifies FIDO key Azure AD returns PRT and TGT to enable access to on-premises resources 8 7 8 9 5 6