Expansion of FIDO standard and new updates for Microsoft passwordless solutions

Published May 05 2022 06:00 AM

Howdy folks, 

 

Happy World Password Day! Today, I’m super excited to share some great news with you: Together with the FIDO Alliance and other major platforms, Microsoft has announced support for the expansion of a common passwordless standard created by the FIDO Alliance and the World Wide Web Consortium. These multi-device FIDO credentials, sometimes referred to as passkeys, represent a monumental step toward a world without passwords. We also have some great updates coming to our passwordless solutions in Azure Active Directory (Azure AD) and Windows that will expand passwordless to more use cases.

 

Passwords have never been less adequate for protecting our digital lives. As Vasu Jakkal reported earlier today, there are over 921 password attacks every second. Lots of attackers want your password and will keep trying to steal it from you. It’s better for everyone if we just cut off their supply. 

 

Replacing passwords with passkeys 

Passkeys are a safer, faster, easier replacement for your password. With passkeys, you can sign in to any supported website or application by simply verifying your face or fingerprint, or by using a device PIN. Passkeys are fast, phish-resistant, and will be supported across leading devices and platforms. Your biometric information never leaves the device, and passkeys can even be synced across devices on the same platform – so you don’t need to enroll each device and you’re protected in case you upgrade or lose your device. You can use Windows Hello today to sign in to any site that supports passkeys, and in the near future, you’ll be able to sign in to your Microsoft account with a passkey from an Apple or Google device.

 

We enthusiastically encourage website owners and app developers to join Microsoft, Apple, Google, and the FIDO Alliance to support passkeys and help realize our vision of a truly passwordless world.  

 


 

Going passwordless 

We’re proud to have been one of the earliest supporters of the FIDO standards, including FIDO2 certification for Windows Hello. We’re thrilled to evolve the FIDO standards ecosystem to support passkeys, and thrilled that passwordless authentication continues to gain momentum.

Since we started introducing passwordless sign-in nearly 5 years ago, the number of people across Microsoft services signing in each month without using their password has reached more than 240 million. And in the last six months, over 330,000 people have taken the next step of removing the password from their Microsoft Account. After all, you’re completely safe from password-based attacks if you don’t have one. 

 

Today, we’re also announcing new capabilities that will make it easier for enterprises to go completely passwordless: 

 

Passwordless for Windows 365, Azure Virtual Desktop, and Virtual Desktop Infrastructure 

Now that remote or hybrid work is the new norm, lots more people are using a remote or virtualized desktop to get their work done. And now, we’ve added passwordless support for Windows 365, Azure Virtual Desktop, and Virtual Desktop Infrastructure. This is currently in preview with Windows 11 Insiders, and is on the way for Windows 10 as well.  

 

Windows Hello for Business Cloud Trust  

Windows Hello for Business Cloud Trust simplifies the deployment experience of Windows Hello for hybrid environments. This new deployment model removes previous requirements for public key infrastructure (PKI) and syncing public keys between Azure AD and on-premises domain controllers. This improvement eliminates delays between users provisioning Windows Hello for Business and being able to authenticate, and makes it easier than ever to use Windows Hello for Business for accessing on-premises resources and applications. Cloud Trust is now available in preview for Windows 10 21H2 and Windows 11 21H2.

 

Multiple passwordless accounts in Microsoft Authenticator 

When we first introduced passwordless sign-in for Azure AD (work or school accounts), Microsoft Authenticator could only support one passwordless account at a time. Now that limitation has been removed and you can have as many as you want. iOS users will start to see this capability later this month and the feature will be available on Android afterwards.  

 

Passwordless phone sign in experience in Microsoft Authenticator for Azure AD accounts.

 

 

Temporary Access Pass in Azure AD 

Temporary Access Pass in Azure AD, a time-limited passcode, has been a huge hit with enterprises since the public preview, and we’ve been adding more ways to use it as we prepare to release the feature this summer. Lots of customers have told us they want to distribute Temporary Access Passes instead of passwords for setting up new Windows devices. You’ll be able to use a Temporary Access Pass to sign in for the first time, to configure Windows Hello, and to join a device to Azure AD. This update will be available next month. 

 

End user experience for Temporary Access Pass in Windows 11 onboarding.

 

 

Customers implementing passwordless today 

We already have several great examples of large Microsoft customers implementing passwordless solutions, including Avanade, who went passwordless with help from Feitian to protect their clients’ data against security breaches. Amedisys, a home healthcare and hospice care provider, went passwordless to keep patient personal information secured. Both organizations are committed to using passwordless authentication not only to strengthen security, but also to make the sign-in experience easier for end users. 

 

We’d love to hear your feedback, so please leave a comment, check out the documentation, and visit aka.ms/gopasswordless for more information. 

 

 

B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%20data-leveltext%3D%22%EF%82%B7%22%20data-font%3D%22Symbol%22%20data-listid%3D%222%22%20aria-setsize%3D%22-1%22%20data-aria-posinset%3D%224%22%20data-aria-level%3D%221%22%3E%3CI%3E%3CSPAN%20data-contrast%3D%22auto%22%3EShare%20product%20suggestions%20on%20the%20%3C%2FSPAN%3E%3C%2FI%3E%3CA%20href%3D%22https%3A%2F%2Ffeedback.azure.com%2Fd365community%2Fforum%2F22920db1-ad25-ec11-b6e6-000d3a4f0789%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CI%3E%3CSPAN%20data-contrast%3D%22none%22%3EAzure%20Feedback%20Forum%3C%2FSPAN%3E%3C%2FI%3E%3C%2FA%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-3290633%22%20slang%3D%22en-US%22%3E%3CP%3EFIDO%20announces%20platform%20commitment%20to%20expanded%20passwordless%20standard%2C%20a%20big%20step%20to%20a%20passwordless%20world.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22FIDO%20passkey%20image.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F369253i293C3146F7CFB47C%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22FIDO%20passkey%20image.jpg%22%20alt%3D%22FIDO%20passkey%20image.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3290633%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIdentity%20and%20Access%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3324694%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-332
4694%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1381999%22%20target%3D%22_blank%22%3E%40Ed_Eastman%3C%2FA%3E%26nbsp%3B...%20everything%20you%20said%20except%20that%20you%20prefer%202%20factor%20is%20wrong%20about%20this%20technology.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3323883%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3323883%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20three%20issues%20with%20this%20technology.%26nbsp%3B%20One%3A%20I%20think%20I%20prefer%20the%202%20factor%2C%20what%20I%20know%20and%20something%20I%20have%20access%20to%2C%20this%20seems%20to%20be%20just%20the%20second%20part%20for%20the%20lazy%20among%20us.%26nbsp%3B%20How%20is%20one%20factor%20better%20than%202%3F%26nbsp%3B%20Two%3A%20Talk%20about%20easy%20tracking%20with%20a%20single%20login%20for%20everything%20everywhere%2C%20bet%20Google%20and%20Ad-sense%20are%20just%20giddy%20at%20the%20thought.%26nbsp%3B%20Three%3A%20Enough%20with%20the%20biometrics%20already%2C%20it%20doesn't%20take%20a%20clone%20to%20fool%20those%20systems%2C%20and%20how%20can%20you%20change%20your%20identity%20when%20you%20change%20your%20mind%3F%26nbsp%3B%20The%20ID%20is%20built%20into%20you%2C%20see%20point%202.%26nbsp%3B%20-Ed%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3325147%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3325147%22%20slang%3D%22en-US%22%3E%3CP%3EWow%2C%20these%20are%20great%20improvements.%20Looking%20forward%20to%20test%20some%20of%20them%20already!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3324912%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20a
nd%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3324912%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F972439%22%20target%3D%22_blank%22%3E%40Reza_Ameri%3C%2FA%3E%26nbsp%3B%20There%E2%80%99s%20a%20lot%20in%20this%20article%2C%20so%20I%E2%80%99m%20not%20sure%20which%20part%20specifically%20you%E2%80%99re%20referring%20to.%20%26nbsp%3BMuch%20of%20it%20though%20is%20about%20different%20options%2C%20some%20of%20which%20involve%20your%20phone%20and%20others%20do%20not.%20%26nbsp%3BWindows%20hello%20on%20a%20pc%20provides%20secure%20authentication%20without%20involving%20your%20phone%2C%20and%20with%20this%20pass%20key%20support%20you%20will%20be%20able%20to%20sign%20in%20to%20many%203rd%20party%20sites%20using%20Windows%20Hello.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3325771%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3325771%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1381999%22%20target%3D%22_blank%22%3E%40Ed_Eastman%3C%2FA%3E%26nbsp%3BThis%20is%20still%202%20factor%20authentication.%20With%20Windows%20Hello%2C%20it%20uses%20the%20combination%20of%20the%20device%20as%20one%20factor%20(something%20you%20have)%20and%20a%20PIN%20(something%20you%20know)%20or%20biometric%20identifier%20(something%20you%20are)%20for%20the%20second%20factor.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EIt%E2%80%99s%20also%20not%20a%20single%20login%20for%20every%20service%20in%20the%20way%20you%E2%80%99re%20thinking.%20With%20FIDO2%20your%20identity%20for%20each%20service%20is%20securely%20stored%20in%20a%20device%2C%20such%20as%20a%20USB%20key%2C%20PC%2C%20or%20phone.
%20When%20that%20service%20requests%20your%20identity%20for%20authentication%2C%20the%20device%20can%20see%20which%20service%20is%20making%20the%20request%20and%20use%20the%20matching%20identity%20to%20respond%20and%20complete%20the%20authentication.%20%26nbsp%3B%3CSPAN%3EIt%20might%20seem%20like%20it%E2%80%99s%20all%20using%20your%20windows%20login%20for%20every%20service%2C%20but%20in%20reality%20that%20is%20just%20windows%20verifying%20your%20identity%20in%20order%20to%20allow%20you%20access%20to%20those%20securely%20stored%20credentials%20for%20Google%20or%20whatever.%20%26nbsp%3BIt%E2%80%99s%20like%20a%20password%20wallet%2C%20but%20better%20because%20it%20stores%20cryptographic%20credentials%20instead%20of%20a%20simple%20password.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3326386%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3326386%22%20slang%3D%22en-US%22%3E%3CP%3Egreat%20news%2C%20can%20you%20give%20more%20details%20on%20%22%3CSPAN%3EGoogle%20and%20Apple%20(yes%2C%20even%20Apple!)%20have%20all%20agreed%20to%20build%20into%20their%20OS%E2%80%99s%20and%20browsers%22%20(via%20twitter)%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3326745%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3326745%22%20slang%3D%22en-US%22%3E%3CP%3EWhatever%20the%20technology%20adds%2C%20we%20need%20on-prem%20enterprise%20passwordless%20at%20login%20for%20Windows%2010%2F11%2FServer%20devices%20using%20MS%20Authenticator%20immediately.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENot%20just%20MS365%20resources%2C%20but%20actual%20on-prem%20AD%20login%20implementation.%20(It%20can%20use%20cloud%20as%20the%20source%20of%20authority%2C%20but%20s
hould%20extend%20to%20on-prem%20workstation%20logins.)%20It's%20really%20silly%20this%20doesn't%20exist%20now.%20And%20Windows%20Hello%20doesn't%20count...it's%20horrifyingly%20complex%20to%20set%20up%20and%20run%20in%20the%20enterprise%20and%2For%20requires%20a%20huge%20expenditure%20in%20extra%20hardware.%20And%20don't%20get%20me%20started%20on%20staff%20and%20Yubikeys.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EProtecting%20the%20cloud%20is%20great%2C%20but%20the%20desktop%20is%20where%20we%20live.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3326940%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3326940%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F587532%22%20target%3D%22_blank%22%3E%40JRichmond%3C%2FA%3E%26nbsp%3Bagreed%2C%20there%20have%20been%20no%20significant%20development%20for%20on%20prem%20AD%2FAuth%20in%20years%20-%20maybe%20even%20a%20decade%20and%20I%20see%20no%20desire%20from%20MSFT%20to%20bring%20anything%20new%20to%20onprem.%20Onprem%20solutions%20will%20be%20the%20domain%20of%203rd%20party%20solution%20providers%2C%20which%20sort%20of%20sucks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3327293%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3327293%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F76441%22%20target%3D%22_blank%22%3E%40David%20Bargna%3C%2FA%3E%26nbsp%3BLast%20June%20at%20WWDC21%20Apple%20announced%20that%20they%20are%20working%20on%20Passkey.%20And%20it%20was%20available%20in%20iOS%2015%20and%20macOS%2012%20as%20beta.%20I%20guess%20that%20means%20we%20w
ill%20see%20this%20in%20the%20upcoming%20iOS%2016%2FmacOS%2013%20betas%2Freleases.%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdeveloper.apple.com%2Fvideos%2Fplay%2Fwwdc2021%2F10106%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdeveloper.apple.com%2Fvideos%2Fplay%2Fwwdc2021%2F10106%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGoogle%20released%20this%20info%20today%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fblog.google%2Ftechnology%2Fsafety-security%2Fone-step-closer-to-a-passwordless-future%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblog.google%2Ftechnology%2Fsafety-security%2Fone-step-closer-to-a-passwordless-future%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3327821%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3327821%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3E1)%3C%2FSTRONG%3E%20Google%20stated%20the%20following%20in%20their%20blog%20post%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3E%3CEM%3E%22To%20sign%20into%20a%20website%20on%20your%20computer%2C%20you%E2%80%99ll%20just%20need%20your%20phone%20nearby%20and%20you%E2%80%99ll%20simply%20be%20prompted%20to%20unlock%20it%20for%20access.%22%3C%2FEM%3E%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20agree%20with%20the%20other%20poster%20that%20this%20needs%20to%20work%20without%20requiring%20a%20phone.%20I%20neither%20have%20nor%20want%20a%20smartphone%20and%20people%20in%20secure%20facilities%20are%20not%20permitted%20to%20have%20a%20mobile%20phone%20on%20premises.%20Also%2C%20not%20all%20employees%20are%20given%20company%20phones%20and%20employees%20should%20never%20use%20their%20own%20phones%20for%20work%20purposes%20as%20they%20can%20then%20be%20subpoenaed.%20Therefore%2C%20users%20should%20be%20able%20to%2
0use%20FIDO%20with%20whatever%20devices%20%3CEM%3Ethey%3C%2FEM%3E%20choose%2C%20without%20a%20strict%20phone%20requirement%3B%20whether%20that%20be%20using%20multiple%20desktop%20computers%2C%20or%20other%20non-phone%20hardware%20such%20as%20FIDO%20USB%20security%20keys%2C%20etc..%20The%20choice%20of%20hardware%20used%20to%20authenticate%20should%20be%20for%20the%20user%20to%20decide%20%E2%80%93%20not%20the%20people%20implementing%20it%20%E2%80%93%20with%20as%20many%20options%20as%20possible%20available%20to%20them%20to%20suit%20their%20own%20use%20case.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3E2)%3C%2FSTRONG%3E%20I%20would%20also%20like%20to%20know%20more%20details%20on%20the%20mechanisms%20in%20place%20to%20protect%20syncing%20between%20devices.%20With%20FIDO2%2C%20an%20attacker%20would%20need%20physical%20access%20to%20the%20machine%20to%20obtain%20the%20private%20key.%20If%20the%20private%20key%20is%20now%20being%20stored%20in%20the%20cloud%2C%20it%20would%20be%20useful%20to%20provide%20more%20details%20on%20what%20steps%20are%20taken%20to%20ensure%20this%20private%20key%20cannot%20be%20accessed%20by%20anyone%20else.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3E3)%3C%2FSTRONG%3E%20Details%20on%20what%20type%20of%20recovery%20mechanisms%20%E2%80%93%20that%20don't%20involve%20a%20phone%20%E2%80%93%20are%20in%20place%20would%20also%20be%20useful.%20For%20example%2C%20if%20someone%20is%20travelling%20and%20the%20bag%20they%20are%20carrying%20%E2%80%93%20which%20contains%20both%20their%20phone%20and%20laptop%20%E2%80%93%20is%20lost%20or%20stolen.%20Presumably%2C%20the%20cloud%20account%20will%20still%20require%20a%20traditional%20non-FIDO%20recovery%20method%2C%20such%20as%20recovery%20codes%20for%20this%20scenario%20(as%20Google%2C%20Microsoft%2C%20Samsung%2C%20already%20allow%20recovery%20codes).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3E4)%3C%2FSTRONG%3E%20Other%20than%20that%2C%20it%20sounds%20good.%20The%20only%20issue%20I%20
have%20experienced%20using%20FIDO%20U2F%20and%20FIDO2%20over%20the%20years%2C%20is%20that%20not%20very%20many%20websites%20support%20it.%20Hopefully%20this%20new%20%22%3CEM%3Emulti-device%20FIDO%20credential%3C%2FEM%3E%22%20(passkey)%20will%20gain%20greater%20adoption%20this%20time%2C%20as%20it's%20more%20flexible%20for%20the%20end%20user%20(being%20able%20to%20sync%20between%20devices)%20and%20also%20more%20flexible%20for%20the%20website%20(individual%20websites%20don't%20have%20to%20worry%20about%20account%20recovery%20if%20a%20user%20loses%20their%20Yubikey%2C%20as%20the%20problem%20is%20now%20passed%20higher%20up%20the%20chain%20to%20the%20passkey%20cloud%20provider).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3328372%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3328372%22%20slang%3D%22en-US%22%3E%3CP%3EA%20shame%20that%20you%20are%20still%20actively%20blocking%20FIDO2%20when%20using%20firefox%20-%20everything%20works%20if%20spoofing%20the%20user-agent%20to%20chrome%2C%20but%20somewhere%20in%20microsoft%20code%20it%20checks%20for%20firefox%20and%20returns%20%22no%22.%26nbsp%3B%20Sad.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3328885%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3328885%22%20slang%3D%22en-US%22%3E%3CP%3E0.%20thank%20you%2C%20but%3A%3C%2FP%3E%3CP%3E1.%20please%20let%20us%20disable%20weak%20methods%20for%20AAD%20admins%20(we%20can%20choose%20methods%20for%20standard%20users)%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22RafaFitt_0-1651788983219.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.mic
rosoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F369606i8E14D3FE7BF386B0%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22RafaFitt_0-1651788983219.png%22%20alt%3D%22RafaFitt_0-1651788983219.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E(we%20need%20a%20Google%20Advanced%20Protection%20Program%2C%20but%20for%20AAD%20admins%20%3A)%3C%2Fimg%3E%20)%3C%2FP%3E%3CP%3E2.%20please%20let%20us%20generate%20an%20easily-pronouncable%20TAP%20for%26nbsp%3Bmulti-language%20environments%20-%20I%20suggest%20NATO%20phonetic%20alphabet%20(yes%2C%20it%20must%20be%20longer%20to%20have%20enough%20entropy).%20Sorry%2C%20I%20am%20not%20able%20to%20dictate%20this%20TAP%20(think%3A%20new%20employee%20-%20initial%20password%20-%20no%20access%20to%20any%20mailbox%2FSharepoint%2Fetc)%20to%20a%20Frenchman%20or%20to%20an%20Estonian%20-%20%40%26nbsp%3Bis%20called%20different%20in%20many%20language%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22RafaFitt_1-1651789386819.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F369611iA093FA84974BA794%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22RafaFitt_1-1651789386819.png%22%20alt%3D%22RafaFitt_1-1651789386819.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3329610%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3329610%22%20slang%3D%22en-US%22%3E%3CP%3EUsing%20text%20passwords%20to%20prove%20one's%20identity%20hasn't%20been%20a%20great%20idea%20without%20some%20help%20from%20current%20and%20future%20password-less%20innovations%2C%20for%20a%20while%20now.%20I'm%20sure%20passwords%20will%20become%20less%20and%20less%20common%20or%20desirable%
2C%20or...%20well%2C%20I%20can%20hope%20at%20least.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3330471%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3330471%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1382399%22%20target%3D%22_blank%22%3E%40cGxrStNzv2IG3xa7zr7Mw9%3C%2FA%3E%26nbsp%3BFIDO2%20works%20fine%20in%20Firefox%20without%20spoofing%20the%20user%20agent.%20I%20use%20it%20all%20the%20time%20logging%20into%20Azure%20AD%20and%20related%20services%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20dir%3D%22ltr%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F788663%22%20target%3D%22_blank%22%3E%40Lexington%3C%2FA%3E%26nbsp%3Bfor%20you%20question%20%233%2C%20the%20Temporary%20Access%20Pass%20(TAP)%20is%20your%20cryptography%20secure%20recovery%20method.%20The%20user%20can%20login%20with%20this%20either%20a%20limited%20number%20of%20times%20and%20from%20here%20register%20a%20new%20FIDO2%20device.%20Ideally%20of%20course%20you%20register%20two%20FIDO2%20devices%20and%20don't%20store%20them%20together%20as%20a%20more%20convenient%20recovery.%3C%2FP%3E%0A%3CP%20dir%3D%22ltr%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20dir%3D%22ltr%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F587532%22%20target%3D%22_blank%22%3E%40JRichmond%3C%2FA%3E%26nbsp%3Bthe%20Windows%20Hello%20Business%20Cloud%20Trust%20implementation%20is%20designed%20to%20remove%20the%20complexity%20that%20this%20feature%20has%20and%20which%20you%20refer%20to%20above.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3332802%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordle
ss%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3332802%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20FIDO%20for%20%3CSTRONG%3Eon-premises%3C%2FSTRONG%3E%20login%20currently%20sits%2C%20FIDO%20keys%20do%20not%20work%20reliably%2C%20rather%20only%20when%20the%20Windows%20client%20has%20direct%20network%20connectivity%20to%20a%20domain%20controller%20in%20the%20organization.%20If%20the%20client%20cannot%20reach%20the%20domain%20controller%2C%20one%20single%20login%20works%20and%20after%20that%20FIDO%20login%20fails%20with%20the%20message%20%22Sorry%2C%20try%20that%20again.%20There%20was%20an%20issue%20with%20the%20server.%22%20This%20was%20not%20the%20case%20before%20Microsoft's%20November%202021%20Security%20updates%20were%20pushed%20out.%20Before%20then%20it%20was%20100%25%20reliable%20on-premises.%20This%20scenario%20is%20not%20acceptable%20as%20much%20of%20today's%20workforce%20is%20remote%20working.%20Here%20are%20two%20specific%20examples%20that%20highlight%20this%20flaw%20when%20true%20MFA%20is%20enforced%20%2F%20the%20password%20option%20is%20disabled%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1.You%20are%20remote%20working%20and%20lose%20Internet%20access%20for%20the%20day.%20You%20lock%20your%20computer%20to%20use%20the%20restroom%2C%20have%20breakfast%2C%20lunch%2C%20etc%20or%20you%20walk%20away%20and%20it%20locks%20after%205%20minutes%20per%20company%20policy%2C%20etc).%20You%20can%20no%20longer%20use%20your%20computer%20again%20until%20you%20drive%20into%20the%20office%20and%20plug%20it%20into%20the%20LAN%20if%20your%20company%20does%20not%20support%20connecting%20to%20the%20VPN%20pre-login.%20If%20the%20company%20does%20support%20VPN%20pre-login%2C%20you%20have%20to%20wait%20until%20the%20Internet%20comes%20back%20up%20before%20you%20can%20log%20back%20in%20and%20essentially%20cannot%20use%20the%20computer.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2.%20You%20are%20on%20an%208%20hour%20flight%20with%20no%20internet%20access.%20You%20lock%
20your%20computer%20to%20use%20the%20restroom%2C%20when%20you%20return%20you%20can%20no%20longer%20user%20the%20device%20until%20you%20either%20return%20from%20your%20trip%20and%20get%20back%20to%20the%20office%20and%20plug%20into%20the%20network%2C%20or%20if%20you%20are%20lucky%20and%20have%20the%20ability%20to%20connect%20to%20the%20VPN%20pre-login%20(this%20is%20not%20possible%20for%20many%20organizations%20as%20the%20VPN%20is%20user%20based%20and%20requires%20passing%20MFA%20and%20conditional%20access%20for%20SAML%20auth)%20then%20you%20still%20cannot%20use%20the%20laptop%20for%20the%20rest%20of%20the%20flight.%20When%20you%20arrive%20at%20your%20hotel%2C%20if%20you%20have%20not%20connected%20to%20the%20wifi%20yet%20you%20cannot%20log%20in%20to%20connect%20and%20start%20the%20VPN.%20Just%20hope%20you%20have%20previously%20connected%20your%20laptop%20to%20you%20cell%20phone%20hotspot.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20curious%20if%20anyone%20has%20been%20able%20to%20successfully%20implement%20enforcing%20FIDO2%20for%20Windows%20login%20with%20password%20disabled%20for%20remote%20workers%20since%20Microsoft's%20November%202021%20patch%3F%20I%20wonder%20if%20%3CSTRONG%3EWindows%20Hello%20for%20Business%20Cloud%3C%2FSTRONG%3E%20Trust%20will%20be%20a%20solution%20for%20this%20problem%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3334614%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3334614%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F27877%22%20target%3D%22_blank%22%3E%40Steve%20Whitcher%3C%2FA%3E%26nbsp%3Byou%20are%20right%2C%20and%20I%20am%20aware%20of%20alternative%20solutions%2C%20however%20using%20phone%20is%20become%20common%20method%20and%20that%20concerns%20me.%20Hacking%20into%20a%20mobile%20phon
e%20is%20much%20easier%20than%20hacking%20a%20Windows%20operating%20system%20and%20because%20normally%20users%20associated%20their%20accounts%20in%20their%20phone%2C%20hacking%20into%20phone%20would%20give%20them%20access%20to%20credential%20and%20also%20verification%20method.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3336351%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3336351%22%20slang%3D%22en-US%22%3E%3CP%3EExcellent%20updates.%20Is%20there%20anything%20in%20the%20pipeline%20for%20Windows%20Hello%20for%20Business%20to%20be%20able%20to%20select%20from%20multiple%20identities%20on%20FIDO2%20keys%20on%20login%20with%20Azure%20AD%20joined%20devices%2C%20similar%20to%20how%20you%20can%20select%20from%20a%20list%20of%20associated%20identities%20with%20web%20authentication%20if%20you%20have%20a%20key%20on%20multiple%20accounts%20with%20different%20permission%20levels%3F%20With%20the%20keys%20we%20are%20using%20it%20seems%20to%20only%20use%20the%20last%20associated%20one%20to%20a%20key%2C%20with%20no%20similar%20selector%20today%20at%20pre-login.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20is%20there%20anything%20on%20the%20roadmap%20for%20being%20able%20to%20use%20FIDO2%20security%20keys%20during%20UAC%20privilege%20escalation%3F%20At%20present%20it%20looks%20like%20WHfB%20will%20auth%20initial%20login%20via%20security%20key%2C%20but%20when%20running%20a%20standard%20account%20normally%20and%20looking%20to%20elevate%20as%20admin%20or%20run%20as%20other%20user%20for%20some%20app%2Faction%20that%20UAC%20has%20no%20logic%20to%20use%20a%20FIDO2%20security%20key%20for%20that%20action%2Fauthentication.%20Seems%20like%20there%20is%20some%20logic%20for%20a%20WHfB%20to%20use%20a%20local%20pin%20for%20UAC%20prompts%2C%20but%20that's%20only%20a%20per%20machine%20option%20when%20pre-set%20per%20admin%20per%20syste
m.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3339518%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3339518%22%20slang%3D%22en-US%22%3E%3CP%3EBiggest%20issue%20i%20see%20with%20paswordless%20is%20that%20once%20you%20remove%20the%20ability%20to%20use%20a%20password%20to%20login%20to%20Windows%2010.%20i.e%20login%20with%20WHfB%20and%20pin%20only%20you%20then%20have%20no%20ability%20to%20elevate%20your%20credentials%20(in%20session)as%20an%20admin%20of%20the%20device.%20This%20is%20a%20bit%20of%20a%20blocker%20for%20many%20IT%20departments.%20Is%20this%20going%20to%20be%20resolved%3F%20Or%20has%20it%20already%20and%20i%20missed%20it.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3370980%22%20slang%3D%22en-US%22%3ERe%3A%20Expansion%20of%20FIDO%20standard%20and%20new%20updates%20for%20Microsoft%20passwordless%20solutions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3370980%22%20slang%3D%22en-US%22%3E%3CP%3EDo%20you%20have%20any%20updates%20on%20when%20WHB%20Cloud%20Trust%20will%20become%20GA%20and%20what%20the%20current%20support%20position%20is%20while%20it%20is%20in%20%22Preview%22%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Version history
Last update:
‎May 05 2022 06:03 AM
Updated by: