User Profile
RGFUK
Copper Contributor
Joined 6 years ago
Recent Discussions
Re: PIM role activation but only with FIDO2-based MFA?
Ondrej_Hlavacek This is possible now by creating an authentication context, called for example "Require FIDO2 security key", and then making the authn context a condition of a conditional access policy. Another possibility is to use authentication strength as a requirement under the grant section of the policy. That allows you to choose phishing-resistant MFA, which would include a hardware key. See for example the blogs written by Kaido Jarvemets or Kenneth van Surksum:
https://www.kaidojarvemets.com/better-together-azure-active-directory-privileged-identity-management-and-authentication-context/
https://www.vansurksum.com/2023/02/20/azure-ad-conditional-access-authentication-context-now-also-available-for-azure-ad-privileged-identity-management/
2.7K Views, 0 likes, 0 Comments
PIM role activation but only with FIDO2-based MFA?
Hi there, It's currently possible to define an authentication method policy so that FIDO2 security keys can only be used by a select number of users or groups (that is, in the Azure portal under Security > Authentication methods > FIDO2 Security Key > FIDO2 Security Key settings). For a user who is eligible for an Azure AD admin role which is managed via PIM, if MFA is required to activate that role, is it possible to limit the choice of MFA to only a FIDO2 security key? This would be for a scenario where a standard user sign-in to the Azure portal would be secured using MFA (for example, using the Microsoft Authenticator), but activating an admin role through PIM would require the use of a FIDO2 security key instead. My Sign-Ins (https://mysignins.microsoft.com/security-info) lets you select a default sign-in method under Security info (for example, Microsoft Authenticator - notification, or Authenticator app or hardware token - code), but I can't see a setting in the Azure portal to specify a FIDO2 security key as a default or preferred MFA method. Has anyone had success in making a FIDO2 security key the default MFA method, in particular when working with PIM?
3.4K Views, 0 likes, 3 Comments
Recent Blog Articles
Re: Securely manage and autofill passwords across all your mobile devices with Microsoft Authenticat
marcelovital no manual step that I'm aware of in the Autofill extension's settings. I had an update pending in Edge (an amber/orange icon shown in the top right corner of a browser tab), and after qu...
0 likes, 0 Comments
Re: Securely manage and autofill passwords across all your mobile devices with Microsoft Authenticat
Rajat Luthra unclerunkle eventually it might also be nice to see detection of leaked credentials, or for example integration with Troy Hunt's Have I Been Pwned? service (https://haveibeenpwned.com/A...
Re: Securely manage and autofill passwords across all your mobile devices with Microsoft Authenticat
Thanks to Rajat Luthra and team for investigating the password synch issue I mentioned on 13th Feb. The Autofill extension in Edge was updated to version 1.0.1, and I'm now seeing passwords synchron...
Re: Securely manage and autofill passwords across all your mobile devices with Microsoft Authenticat
I had passwords saved via the Microsoft Autofill extension, installed in Edge on my desktop PC, but noticed that after updating Edge to 88.0.705.68, all but the most recently saved password have disa...
Re: Securely manage and autofill passwords across all your mobile devices with Microsoft Authenticat
I'm really enjoying the new feature, especially coupled with the Microsoft Autofill extension in Edge (more so, when credentials are discovered automatically once I sign into a website using my curre...