Microsoft

We’re expanding the public preview of FIDO2 security key support in Azure Active Directory (Azure AD) to hybrid environments, enabling even more customers to take an important step in their journey towards passwordless environments.

Industry research has shown that the majority of cyberattacks and breaches leverage compromised usernames and passwords. Microsoft has been on a journey to eliminate the use of passwords by introducing strong, secure, and easy-to-use alternative credentials like FIDO2 security keys. These credentials provide stronger authentication than passwords as they leverage asymmetric public key cryptography, are not reusable, and are resistant to phishing attacks.

Just a few months back, we announced the public preview for enterprise customers that have cloud-only environments, enabling sign-in to Windows 10 devices using FIDO2 security keys and getting single sign-on (SSO) to cloud resources. A lot of customers eagerly tried it out and gave a great deal of feedback, but one piece of feedback stood out: the need for FIDO2 support in hybrid environments.

Today, we’re thrilled to share that, early next year, enterprises with hybrid environments can enable passwordless authentication using FIDO2 security keys for Azure Active Directory-Joined (Azure AD Joined) and Hybrid Azure AD-Joined Windows 10 devices and get an SSO experience for their cloud and on-premises resources!

The expansion of Azure AD support for FIDO2 to hybrid environments has been a huge collaboration effort across various teams within Microsoft and we’re proud to be delivering milestones like this that leap forward in our quest to make the passwordless world a reality. The preview of this new capability will be available in early 2020 and we will update this blog with instructions on how to get started, so watch this space.

This is part of a company-wide effort to eliminate passwords. For example, with the FIDO2 certification of Windows Hello, Microsoft is putting the 900 million people who use Windows 10 one step closer to a world without passwords. And, as announced at Microsoft Ignite, new updates in Azure Active Directory include innovations that directly empower customers in their evolution towards more secure, passwordless environments.

For resources on the benefits of passwordless, as well as solutions and strategies to help you in your own journey, visit aka.ms/gopasswordless.

12 Comments
New Contributor

Excellent news, really looking forward to trying this out as soon as possible! :)

Contributor

This is wonderful news :) Cannot wait until this becomes available in our tenant. On to a passwordless world!

Occasional Contributor

Will this require Hybrid Windows Hello for Business?

Regular Visitor
Will this be in Windows 10 20H1? How can I try this?
Occasional Visitor

Are there any plans to support FIDO U2F? Asking because Google and others do it and from a key perspective (let's take into consideration the Yubikey FIPS series which work completely offline), for Microsoft, it needs an authenticator app but not for other platforms like Google/Facebook, which seems to be a bummer. The available options then become to install these separate applications (very difficult in secure facilities) or upgrade all the keys to ones which support FIDO2.

Senior Member

@Aabha Thipsay can you please let us know what's the timeline for this to be in preview. We are eagerly waiting to test this. Our devices are Hybrid AADj.

Regular Visitor

I was also hoping to get an update on this timeline. Lots of interest in working with FIDO2 but most of the folks in my area have hybrid joined devices.

Thanks @Aabha Thipsay for this post, I keep checking this blog post hoping for an update, any chance you could give us a bit of an idea for the roadmap?

Occasional Visitor

Have we got a firmer date on when this is likely to land, as we're very interested in the hybrid device joined support? Are there any private pilot programs we can join for this?

Have customer very interested in testing this out.  Timeline update for private preview yet?

New Contributor

It’s a shame to see no interaction from MS staff on this. I’ve however seen comment on Twitter that it’s basically feature complete now, and waiting on Windows 20H1, so I guess that must mean an April release is planned.

Microsoft

FIDO2 support for Hybrid Environments is now available in Public Preview. For more details, visit https://techcommunity.microsoft.com/t5/azure-active-directory-identity/public-preview-of-azure-ad-su...

Microsoft

@Steve Prentice Apologies for the delay in response on this thread. We are in public preview for this feature now https://techcommunity.microsoft.com/t5/azure-active-directory-identity/public-preview-of-azure-ad-su...