At Ignite 2022 we announced general availability of Azure Active Directory (Azure AD) Certificate-Based Authentication (CBA) as a part of Microsoft’s commitment to Executive Order 14028, Improving th...
Updated Nov 02, 2022
Version 2.0
Blog Post
There is following line in the blog. I am trying to make sure I interpreted correctly.
All browser-based web-apps and native apps, including Microsoft first-party apps using the latest https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-overviewhttps://learn.microsoft.com/en-us/azure/active-directory/develop/msal-overview (MSAL), support Azure AD CBA with https://www.yubico.com/products/ on mobile devices. Azure AD CBA with YubiKey is also supported with the brokered authentication flow using latest Microsoft Authenticator (https://play.google.com/store/apps/details?id=com.azure.authenticator&gl=US or https://apps.apple.com/app/microsoft-authenticator/id983156458 for all apps that are not already on the latest MSAL.
- If any native-app is latest with respect to MSAL then it does not need support of broker (ms-authenticator) to accomplish CBA where certificate could be in device or in external CCID-compliant device.
- If native-app is NOT latest with respect to MSAL then it will need to integrate with latest broker (ms-authenticator) to accomplish CBA
- If web-app is opened on Safari Browser then we can complete CBA where certificate could be in device or in external CCID-compliant device.