This presentation details the FIDO Alliance Certification Program - including an overview of the programs, process and the value of certification for both vendors and relying parties.
OpenID for Verifiable Credentials is a family of protocols supporting implementation of applications with Verifiable Credentials, i.e. verifiable credential issuance, credential presentation, and pseudonyms authentication.
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe, by FIDO Alliance
The PSD2 (the Revised Payment Service Directive) from the European Commission requires financial institutions to deploy Strong Customer Authentication. FIDO offers a solution to the challenges created by this new regulation.
This slide deck explores the evolution of authentication mechanisms, advantages and the disadvantages of each, and how adaptive authentication may be the answer.
Watch the webinar here: https://wso2.com/library/webinars/2019/01/adaptive-authentication-what-why-and-how/
Security for oauth 2.0 - @topavankumarj, by Pavan Kumar J
OAuth is one of the most successful authorization protocols on the Internet. The OAuth 2.0 framework, the proposed standard to replace OAuth 1.0, enables a third-party application to obtain limited access to an application, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the application, or by allowing the third-party application to obtain access on its own behalf.
In this webinar, we provide an overview of the OAuth 2.0 authorization model, how it fits in the enterprise environment, and some critical security implications of note for software architects and security analysts.
Vulnerable App: https://github.com/topavankumarj/Vulnerable-OAuth2.0-Application
Key Takeaways:
1.) Comprehensive understanding of the OAuth 2.0 authorization framework.
2.) Threats/Attacks specific to OAuth 2.0
3.) Practical demonstration of exploit vectors
4.) Outline of architectural best practices in OAuth 2.0
Who should attend:
1.) Application architects /API developers who use OAuth to publish and/or interact with protected data.
2.) Security Analysts who want to learn about security implications relevant to the OAuth Framework.
The Certified Information Privacy Manager (CIPM) certificate validates your expertise in privacy program management and your capability to create, operate, and manage a privacy program throughout all its lifecycle stages. To become certified, you must master all the ideas and subjects listed in the CIPM body of knowledge. CIPM training teaches a process for conceptualizing, designing, building and operating a data privacy management program. It also gives professionals the skills to operationalize privacy and minimize risks to reputation from improper handling of personal data.
The ability to classify, protect and access the proper information is vital to a company’s competitiveness, profitability, and existence. How can Microsoft help to better protect your information inside and outside your organization?
Salesforce.Com - my presentation from April User Group, by Maria Pergolino
Presentation for the May Philadelphia Salesforce.com User Group Meeting - more details about the event can be found on the group's blog http://usergroups.salesforce.com/philadelphia/ or via twitter http://www.twitter.com/phillysfdc
December 2019 Microsoft 365 Need to Know Webinar, by Robert Crane
Slides from CIAOPS December 2019 webinar that provided Microsoft 365 news update, open Q & A as well as a focus session on security. Video recording is available at www.ciaopsacademy.com
This session will explore Windows 7 core platform security improvements, securing anywhere access, data protection, and protecting desktop users. We will explain how Windows 7 features in each of these areas provide the foundation for a secure and reliable platform. We will discuss User Account Control improvements, enhanced auditing, Network Access Protection (NAP), Firewall improvements, AppLocker, BitLocker and BitLocker To Go enhancements, DirectAccess, Internet Explorer 8 security improvements, and EFS enhancements.
Securing SharePoint, OneDrive, & Teams with Sensitivity Labels, by Drew Madelung
How do you protect your confidential content from being exposed? Being able to secure your files and content across workloads is a necessity and the tools are available to you today in the Microsoft 365 Security admin center. Microsoft 365 Sensitivity Labels are the evolution of Azure Information Protection and more within the Microsoft Information Protection suite.
Effective Instrumentation Strategies for Data-driven Product Management, by Pawan Kumar Adda
Everyone wants to drive product decisions based on data. But that is the end goal, an intent. This goal needs a strategy and a sustainable execution plan that would empower companies and their employees to become data informed while making decisions. Enter Product Instrumentation. In this session, we will explore what product instrumentation is, why it is needed, and how you can get started with it.
What's New with Ivanti’s Enterprise Licensing Agreement?, by Ivanti
If you have or are considering any Ivanti Products, the Enterprise Licensing Agreement (ELA) is especially worth checking out. In this webinar we'll discuss the benefits of the ELA and the variations designed to fit any organization’s budgetary needs. You will also learn about new ELA options and additional education discounts.
Red Hat Summit - OpenShift Identity Management and Compliance, by Marc Boorshtein
Our presentation from Red Hat Summit on OpenShift, Identity Management and Compliance. We talk about how to apply DevOps to identity management in OpenShift and make everyone happy.
EMS, one suite to manage and secure your workplace, by Delta-N
With Enterprise Mobility Suite, Microsoft has combined a number of components so that a single suite gives you Azure AD Premium, Intune and various security tools. This session covers the do's and don'ts of EMS and goes deeper into using it in combination with Office 365, because some EMS features are also partly present in Office 365. By the end of this session you will have better insight into what EMS can do, how you can set it up, and how it differs from the various Office 365 capabilities. You can then answer the question for yourself: does my organization need EMS alongside Office 365?
This deck gives you an overview of the zero trust security posture, considerations you should have while looking to adopt that posture, and the advantages of doing so.
A tale of scale & speed: How the US Navy is enabling software delivery from l..., by sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf, by 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf, by Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble... many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
Essentials of Automations: The Art of Triggers and Actions in FME, by Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Climate Impact of Software Testing at Nordic Testing Days, by Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed in the talk. ICT and testing must carry their part of global responsibility to help with climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf, by Peter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Epistemic Interaction - tuning interfaces to provide information for AI support, by Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Transcript: Selling digital books in 2024: Insights from industry leaders - T..., by BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
PHP Frameworks: I want to break free (IPC Berlin 2024), by Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Enhancing Performance with Globus and the Science DMZ, by Globus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
The Metaverse and AI: how can decision-makers harness the Metaverse for their..., by Jen Stirrup
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
Generative AI Deep Dive: Advancing from Proof of Concept to Production, by Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
The new frontiers of AI in RPA with UiPath Autopilot™, by UiPathCommunity
In this free online event, organized by the UiPath Italian Community, you can explore the new features of Autopilot, the tool that brings Artificial Intelligence into the development and use of automations.
📕 Together we will look at some examples of using Autopilot in different tools of the UiPath suite:
Autopilot for Studio Web
Autopilot for Studio
Autopilot for Apps
Clipboard AI
GenAI applied to Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
10. [Timeline slide] Dates shown: Spring 2018, July 2018, October 2018, January 2019. Milestones shown: FIDO2 private preview began; WebAuthn support available to Windows 10 Insiders; self-provisioned keys for MSA (Windows 10 October 2018 Update); admin controls and end-user self-provisioning of FIDO2 for Azure AD accounts, public preview begins (January 2019).
11. [Azure AD portal screenshot] Home > Authentication methods > Authentication methods (Wingtiptoys – Azure AD Security). Menu headings: MANAGE, ACTIVITY, TROUBLESHOOTING + SUPPORT. Menu entries: Authentication methods, Password protection (Preview), Allowed methods, Registration settings, Usage and insights, Getting started, Documentation, Audit logs, Troubleshoot, New support request. Buttons: Save, Discard. Legend: "= Recommended".
METHOD | TARGET | ENABLED
Password | All users | Yes
Phone call | All users | Yes
Microsoft Authenticator app | | No
Verification code – authenticator app | | No
Verification code – hardware token | | No
Windows Hello | | No
FIDO | | No
PIN | | No
Email address | | No
Security questions | 5 groups | Yes
Text message | 1 group | Yes
12. [Azure AD portal screenshot] The Authentication methods page of slide 11 (same METHOD / TARGET / ENABLED list, with a REQUIRE REGISTRATION label) and the "FIDO2 Security Keys" settings pane open beside it. Pane controls: ENABLE (Yes / No); TARGET USERS (All users / Select users), with "All users" shown; REGISTRATION: Required; NAME; + add users and group; Manage security keys; Manual set-up; Allow self-service set-up for groups (Yes / No); Enforce Attestation (Yes / No); KEY RESTRICTION POLICY: Enforce key restrictions (Yes / No), Restrict specific keys (Allow / Block), + add AAGUID; Save / Discard.
13. [Azure AD portal screenshot] Same view as slide 12: the Authentication methods list with the "FIDO2 Security Keys" pane open. Pane controls: ENABLE (Yes / No); TARGET USERS (All users / Select users), with "All users" shown; REGISTRATION: Required; Manage security keys; Manual set-up; Allow self-service set-up for groups (Yes / No); Enforce Attestation (Yes / No); KEY RESTRICTION POLICY: Enforce key restrictions (Yes / No), Restrict specific keys (Allow / Block), + add AAGUID; Save / Discard.
14. [Azure AD portal screenshot] Same "FIDO2 Security Keys" pane as slide 12, with TARGET USERS (All users / Select users) now showing "No users selected …". Other controls unchanged: ENABLE (Yes / No); REGISTRATION: Required; Manage security keys; Manual set-up; Allow self-service set-up for groups (Yes / No); Enforce Attestation (Yes / No); KEY RESTRICTION POLICY: Enforce key restrictions, Restrict specific keys (Allow / Block), + add AAGUID; Save / Discard.
15. [Azure AD portal screenshot] "FIDO2 Security Keys" pane with "No users selected …" and an "Add users and groups" dialog open on top of it. Dialog: "Search by name or email address" box containing the text "Pilot", Search button, OK / Cancel. Pane controls still visible: ENABLE (Yes / No); TARGET USERS (All users / Select users); REGISTRATION: Required; Manage security keys; Manual set-up; Allow self-service set-up for groups (Yes / No); Enforce Attestation (Yes / No).
16. [Azure AD portal screenshot] "Add users and groups" dialog with the search text "Pilot group" and three results, each with a "PG" icon: Pilot group (Pilotgroup@wingtiptoys.com); Pilot group corp (pilotgrpcorp@wingtiptoys.com); Pilot group NYC (pilotgrpmkt@wingtiptoys.com). Buttons: Search, OK / Cancel. The "FIDO2 Security Keys" pane behind it still shows "No users selected …".
17. [Azure AD portal screenshot] "Add users and groups" dialog with the search text "Pilot group" and one entry selected: Pilot group (Pilotgroup@wingtiptoys.com), shown with a "PG" icon and an "x" to remove it. Buttons: Search, OK / Cancel. The "FIDO2 Security Keys" pane behind it still shows "No users selected …".
18. [Azure AD portal screenshot] "FIDO2 Security Keys" pane with TARGET USERS now showing "Pilot group …". Pane controls: ENABLE (Yes / No); REGISTRATION: Required; Manage security keys; Manual set-up; Allow self-service set-up for groups (Yes / No); Enforce Attestation (Yes / No); KEY RESTRICTION POLICY: Enforce key restrictions (Yes / No), Restrict specific keys (Allow / Block), + add AAGUID; Save / Discard.
30. [Flow diagram] Components shown: FIDO2 security key, Windows 10 device. Numbered steps:
1. User plugs FIDO2 security key into computer
2. Windows detects FIDO2 security key
3. Windows device sends auth request
4. Azure AD sends back nonce
5. User completes gesture to unlock private key stored in security key’s secure enclave
6. FIDO2 security key signs nonce with private key
7. PRT token request with signed nonce is sent to Azure AD
8. Azure AD verifies FIDO key
9. Azure AD returns PRT and TGT to enable access to on-premises resources
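Added example (not part of the slide deck, and not Microsoft's code): a minimal Go model of steps 4 to 8 of the sign-in flow on slide 30, showing why the nonce has to be fresh, bound to one user and single-use. The type and function names (SecurityKey, IdP, IssueNonce, Verify), the user "alice" and the choice of ECDSA P-256 over a SHA-256 digest of the bare nonce are assumptions made for illustration; the slide does not specify the signature scheme or message format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	ErrNoGesture    = errors.New("user gesture not completed")
	ErrUnknownNonce = errors.New("nonce not outstanding for this user (reused or forged)")
	ErrBadSignature = errors.New("signature does not match the registered public key")
)

// SecurityKey models the authenticator: the private key stays inside it.
type SecurityKey struct{ priv *ecdsa.PrivateKey }

func NewSecurityKey() (*SecurityKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SecurityKey{priv: priv}, nil
}

func (k *SecurityKey) Public() *ecdsa.PublicKey { return &k.priv.PublicKey }

// SignNonce covers steps 5-6 (assumed scheme: ECDSA P-256 over SHA-256 of the nonce).
func (k *SecurityKey) SignNonce(nonce []byte, gestureOK bool) ([]byte, error) {
	if !gestureOK {
		return nil, ErrNoGesture
	}
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, k.priv, digest[:])
}

// IdP is a hypothetical stand-in for the identity provider (Azure AD on the slide).
type IdP struct {
	registered map[string]*ecdsa.PublicKey // user -> public key from registration
	pending    map[string]string           // hex(nonce) -> user it was issued to
}

func NewIdP() *IdP { return &IdP{registered: map[string]*ecdsa.PublicKey{}, pending: map[string]string{}} }

func (s *IdP) Register(user string, pub *ecdsa.PublicKey) { s.registered[user] = pub }

// IssueNonce is step 4: a fresh random challenge bound to one user.
func (s *IdP) IssueNonce(user string) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[hex.EncodeToString(nonce)] = user
	return nonce, nil
}

// Verify is step 8; the nonce is consumed before the signature check, so a captured pair cannot be replayed.
func (s *IdP) Verify(user string, nonce, sig []byte) error {
	id := hex.EncodeToString(nonce)
	if owner, ok := s.pending[id]; !ok || owner != user {
		return ErrUnknownNonce
	}
	delete(s.pending, id)
	pub, ok := s.registered[user]
	digest := sha256.Sum256(nonce)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	key, _ := NewSecurityKey()
	idp := NewIdP()
	idp.Register("alice", key.Public()) // constructed sample user
	nonce, _ := idp.IssueNonce("alice")
	sig, _ := key.SignNonce(nonce, true)
	fmt.Println("first use:", idp.Verify("alice", nonce, sig), "| replay:", idp.Verify("alice", nonce, sig))
}
```

A nil result from Verify is the point at which the flow on the slide would continue to step 9; token issuance is outside this sketch.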