Event details
For office (small O) users, Entra is a nice fit. People generally have dedicated workstations and phones for phishing-resistant MFA. How can Entra help in the case of workers who move around the plant-floor, restaurant, or other scenarios where there are shared workstations where sharing a logged-in computer is the norm? How do you get to a Zero Trust posture in the shared-workstation environment? Thanks!
- Nathan_McNulty, Oct 09, 2025, Copper Contributor
Fortunately, these devices are still able to be managed and secured, but authentication in many of these environments is definitely a hard problem because Hello for Business has a limit of 10 logins, FIDO2 keys are far too expensive, and often phones aren't allowed.
Auto logged-in computers can sometimes be switched to act more like kiosks ensuring email or timesheet access is logged out automatically. In other cases, blocking access to unnecessary resources might be more desirable. These devices are typically also more restricted on standard Internet access, so we do have opportunities for compensating controls. Outside of that, the new QR code sign-in or using Temporary Access Pass introduce some interesting ways to handle workflows that get away from standard passwords for specialized access. Sadly, there isn't a perfect solution for this yet, though I hope some day we get the ability to log in using a passkey from a phone like we can with Passwordless push :)
- MarkWonsil, Oct 10, 2025, Copper Contributor
Thank you, Nathan. I think this is where Entra can really shine since this is also a layer 7 problem. We need identity to selectively allow people to various resources from the same workstation. As you mentioned, Windows Hello would be amazing, but that's authentication to the OS. Maybe something like secure profile switching in the browser might be better? And maybe not in one browser session but multiple browsers running at once secured by verifiable credentials using some biometric plus an NFC card that's cheaper than FIDO2 or phones. I do look forward to any frontline security solutions as this is a very underserved market mostly because it is not easy. Thanks!!!