Aug 03 2021 09:08 AM
Hi there,
we have just established a successful pilot for FIDO2 security key usage with WHfB in a hybrid environment. The key which has been registered in Azure is able to authenticate the user on all cloud apps and at the Windows 10 login screen.
For Windows Hello for Business we have used the Intune policy which requires a minimum PIN length of six characters (still the default), but for our FIDO2 security key it is possible to generate a 4-digit PIN. So it seems the WHfB policy only affects the Windows 10 client, not the FIDO2 key.
Is it possible to enforce a policy which improves the security key requirements?
Kind regards,
woelki
Aug 24 2021 04:04 AM
Sep 28 2021 02:22 PM - edited Sep 28 2021 05:06 PM
Also interested in the answer to this question for Azure AD passwordless security keys
Sep 28 2021 05:04 PM - edited Sep 28 2021 05:05 PM
Oh and it would be nice to find out support for stuff like this too, these are regulatory requirements for some:
- Have no repeating digits (i.e., 112233)
- Prevent sequential patterns (i.e., 123456)
- Prevent the PIN from matching the user ID
- Expiration
- Prevent the new PIN from matching the previous (X) number of PINs
Oct 19 2021 11:52 PM
Oct 29 2021 10:13 PM