Forum Discussion
martinj
May 18, 2022, Brass Contributor
What is the roadmap for FIDO2 passthrough from Hyper-V host to VM?
Using FIDO2 devices physically attached to the Hyper-V host in a virtual machine is greatly needed, for instance for PAWs, where the user on his not-locked-down desktop/production-apps VM needs to do...
KalimanneJ
May 30, 2022, Iron Contributor
Has anyone heard anything on this?
The PAW is supposed to be a physical machine; not a VM.
Also, would using Yubikeys as smartcards instead of FIDO2 keys be an alternative for Hyper-V VMs until FIDO2 support is available?
- Mypetr, Apr 11, 2023, Copper Contributor
Interested in FIDO2 passthrough also, because of PAWs use.
By the way, the current Microsoft recommendation regarding PAWs/SAWs is to have both the admin and user OSes as virtual machines.
- KalimanneJ, Apr 11, 2023, Iron Contributor
Where are you seeing this “current” recommendation that a PAW should be a VM?
I have only seen Microsoft recommending VMs for creating a lab environment for testing.
They have always recommended that the PAW be on a locked down physical device and you run a VM or have a separate device for your non-admin use. They recommended that the PAW be physical so that a compromised VM host doesn’t compromise the virtualized PAW. They have always said to not sign-in to a higher privileged device from a lower privileged device.
- Mypetr, Apr 11, 2023, Copper Contributor
KalimanneJ, here, under the “Secure devices” section: https://www.microsoft.com/insidetrack/blog/improving-security-by-protecting-elevated-privilege-accounts-at-microsoft/