Expanding Azure Active Directory support for FIDO2 preview to hybrid environments
Published Nov 05 2019 05:30 AM
Microsoft

Update 05.06.2020:  For an update on the scenarios discussed in this post, see Alex Simons' February 2020 post, Public preview of Azure AD support for FIDO2 security keys in hybrid environments.


We’re expanding the public preview of FIDO2 security key support in Azure Active Directory (Azure AD) to hybrid environments, enabling even more customers to take an important step in their journey towards passwordless environments.

Industry research has shown that the majority of cyberattacks and breaches leverage compromised usernames and passwords. Microsoft has been on a journey to eliminate the use of passwords by introducing strong, secure, and easy-to-use alternative credentials like FIDO2 security keys. These credentials provide stronger authentication than passwords as they leverage asymmetric public key cryptography, are not reusable, and are resistant to phishing attacks.

Just a few months back, we announced the public preview for enterprise customers that have cloud-only environments, enabling sign-in to Windows 10 devices using FIDO2 security keys and getting single sign-on (SSO) to cloud resources. A lot of customers eagerly tried it out and gave a great deal of feedback, but one piece of feedback stood out: the need for FIDO2 support in hybrid environments.

Today, we’re thrilled to share that, early next year, enterprises with hybrid environments can enable passwordless authentication using FIDO2 security keys for Azure Active Directory-Joined (Azure AD Joined) and Hybrid Azure AD-Joined Windows 10 devices and get an SSO experience for their cloud and on-premises resources!


The expansion of Azure AD support for FIDO2 to hybrid environments has been a huge collaboration effort across various teams within Microsoft and we’re proud to be delivering milestones like this that leap forward in our quest to make the passwordless world a reality. The preview of this new capability will be available in early 2020 and we will update this blog with instructions on how to get started, so watch this space.

This is part of a company-wide effort to eliminate passwords. For example, with the FIDO2 certification of Windows Hello, Microsoft is putting the 900 million people who use Windows 10 one step closer to a world without passwords. And, as announced at Microsoft Ignite, new updates in Azure Active Directory include innovations that directly empower customers in their evolution towards more secure, passwordless environments.

For resources on the benefits of passwordless, as well as solutions and strategies to help you in your own journey, visit aka.ms/gopasswordless.

Last update: May 06 2020 03:38 PM