cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What is the roadmap for FIDO2 passthrough from Hyper-V host to VM?

martinj
Brass Contributor

‎May 18 2022 01:11 PM

‎May 18 2022 01:11 PM

What is the roadmap for FIDO2 passthrough from Hyper-V host to VM?

Using FIDO2 devices physically attached to the Hyper-V host in a virtual machine is greatly needed, for instance for PAWs, where the user on his not-locked-down desktop/production-apps VM needs to do FIDO2 logins.

 

And now that Microsoft has commited to accellerate passwordless platforms , one would expect it to be a priority.

 

MS employees have said a year ago, that it was on the roadmap.

But when can we expect to see it coming?

Labels:
4,018 Views
0 Likes
6 Replies
Reply
6 Replies
Kalimanne J

‎May 30 2022 04:35 PM

‎May 30 2022 04:35 PM

Re: What is the roadmap for FIDO2 passthrough from Hyper-V host to VM?

Has anyone heard anything on this?

The PAW is supposed to be a physical machine; not a VM.
Also, would using Yubikeys as smartcards instead of FIDO2 keys be an alternative for Hyper-V VMs until FIDO2 support is available?
0 Likes
Reply
Mypetr

‎Apr 11 2023 09:54 AM

‎Apr 11 2023 09:54 AM

Re: What is the roadmap for FIDO2 passthrough from Hyper-V host to VM?

Interested in FIDO2 passthrough also, because of PAWs use.

btw: Current Microsoft recommendation regarding PAWs/SAWs is to have both admin+user OSes as virtual machines

0 Likes
Reply
Kalimanne J

‎Apr 11 2023 10:20 AM

‎Apr 11 2023 10:20 AM

Re: What is the roadmap for FIDO2 passthrough from Hyper-V host to VM?

Where are you seeing this “current” recommendation that a PAW should be a VM?
I have only seen Microsoft recommending VMs for creating a lab environment for testing.
They have always recommended that the PAW be on a locked down physical device and you run a VM or have a separate device for your non-admin use. They recommended that the PAW be physical so that a compromised VM host doesn’t compromise the virtualized PAW. They have always said to not sign-in to a higher privileged device from a lower privileged device.
0 Likes
Reply
Mypetr

‎Apr 11 2023 11:57 AM - edited ‎Apr 11 2023 12:01 PM

‎Apr 11 2023 11:57 AM - edited ‎Apr 11 2023 12:01 PM

Re: What is the roadmap for FIDO2 passthrough from Hyper-V host to VM?

@Kalimanne J here under “Secure devices” section https://www.microsoft.com/insidetrack/blog/improving-security-by-protecting-elevated-privilege-accou...

0 Likes
Reply
Kalimanne J

‎Apr 15 2023 05:51 PM - edited ‎Apr 15 2023 06:01 PM

‎Apr 15 2023 05:51 PM - edited ‎Apr 15 2023 06:01 PM

Re: What is the roadmap for FIDO2 passthrough from Hyper-V host to VM?

I don’t see anywhere there that they are recommending against the SAW being a physical machine.
That link has a story that talks about them internally deploying proprietary customized, very locked down laptops with both the SAW and their everyday machine running as VMs on it.
It does not seem applicable to everyone else.
The base host laptop has to be locked down at least as much as a SAW would be or it will become a source of compromise and would make the SAW VM running on it also subject to compromise.
With that setup, you are running 3 operating systems that need management and patching, plus the laptop has to be powerful enough to run the local OS plus 2 additional copies of Windows as VMs and have licensing to do that.

Does not look practical!

0 Likes
Reply
Scottechapman

‎Nov 21 2023 05:44 PM

‎Nov 21 2023 05:44 PM

Re: What is the roadmap for FIDO2 passthrough from Hyper-V host to VM?

What about if I’m an engineer and I have the option to run AWS commands in Powershell, but I would prefer to use a Linux environment in WSL for that. I would have to let WSL access my hardware device correct?
0 Likes
Reply