Feb 12 2021
09:32 AM
- last edited on
Jan 14 2022
04:26 PM
by
TechCommunityAP
Is it or will it be possible to use a FIDO2 key as an MFA token? (instead of passwordless sign-in)
Thanks!
Feb 14 2021 04:54 AM
>> I don't understand why you would want to get the OTP code otherwise, using passwordless auth is much simpler and more secure.
True, but we are facing some limitations where a security key with PIN would be an easy-to-use MFA token:
1. In some auth flows we don't see the option to use a security key to log on. (e.g. if you do a Connect-AzureAD you can use a GitHub account, but you don't get an option to sign in using a security key.)
2. We want our users to register for MFA. Those without a smartphone would be offered a YubiKey. But apparently you can't register a security key unless you register another MFA method (authenticator/phone/email) first.
Bart
Aug 30 2022 06:10 AM
@ChristianBergstrom do you know the timeline of when FIDO2 keys will be able to be used as an MFA for Windows Hello for Business? Currently you can only use facial recognition, fingerprint, PIN, Bluetooth device (e.g. cell phone), etc. The process for enabling these is via GPO and making sure you put in the correct code that matches the device you are using for MFA, however I can't find what that code would be for a FIDO2 key? Multi-factor Unlock - Windows security | Microsoft Docs