Forum Discussion
martinj (Brass Contributor)
May 18, 2022
What is the roadmap for FIDO2 passthrough from Hyper-V host to VM?
Using FIDO2 devices physically attached to the Hyper-V host in a virtual machine is greatly needed, for instance for PAWs, where the user on his not-locked-down desktop/production-apps VM needs to do FIDO2 logins.
And now that Microsoft has committed to accelerate passwordless platforms, one would expect it to be a priority.
MS employees said a year ago that it was on the roadmap.
But when can we expect to see it coming?
- KalimanneJ (Iron Contributor)
Has anyone heard anything on this?
The PAW is supposed to be a physical machine; not a VM.
Also, would using YubiKeys as smartcards instead of FIDO2 keys be an alternative for Hyper-V VMs until FIDO2 support is available?
- Mypetr (Copper Contributor)
Interested in FIDO2 passthrough also, because of PAWs use.
BTW: Current Microsoft recommendation regarding PAWs/SAWs is to have both admin+user OSes as virtual machines.
- KalimanneJ (Iron Contributor)
Where are you seeing this “current” recommendation that a PAW should be a VM?
I have only seen Microsoft recommending VMs for creating a lab environment for testing.
They have always recommended that the PAW be on a locked-down physical device and you run a VM or have a separate device for your non-admin use. They recommended that the PAW be physical so that a compromised VM host doesn’t compromise the virtualized PAW. They have always said to not sign in to a higher privileged device from a lower privileged device.