Forum Discussion
What is the roadmap for FIDO2 passthrough from Hyper-V host to VM?
Using FIDO2 devices physically attached to the Hyper-V host in a virtual machine is greatly needed, for instance for PAWs, where the user on his not-locked-down desktop/production-apps VM needs to do FIDO2 logins.
And now that Apple, Google and Microsoft have committed to expanded FIDO support (https://fidoalliance.org/apple-google-and-microsoft-commit-to-expanded-support-for-fido-standard-to-accelerate-availability-of-passwordless-sign-ins/), one would expect it to be a priority.
MS employees said a year ago (https://www.reddit.com/r/sysadmin/comments/l3mlif/comment/gki75pj/?utm_source=share&utm_medium=web2x&context=3) that it was on the roadmap.
But when can we expect to see it coming?
6 Replies
- KalimanneJ (Iron Contributor): Has anyone heard anything on this?
The PAW is supposed to be a physical machine; not a VM.
Also, would using Yubikeys as smartcards instead of FIDO2 keys be an alternative for Hyper-V VMs until FIDO2 support is available?
- Mypetr (Copper Contributor): Interested in FIDO2 passthrough also, because of PAW use.
BTW: the current Microsoft recommendation regarding PAWs/SAWs is to have both the admin and user OSes as virtual machines.
- KalimanneJ (Iron Contributor): Where are you seeing this "current" recommendation that a PAW should be a VM?
I have only seen Microsoft recommending VMs for creating a lab environment for testing.
They have always recommended that the PAW be on a locked-down physical device and that you run a VM or have a separate device for your non-admin use. They recommended that the PAW be physical so that a compromised VM host doesn't compromise the virtualized PAW. They have always said not to sign in to a higher-privileged device from a lower-privileged device.