Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Launches Azure AD Certificate-Based Authentication (CBA) on Mobile Devices

Last year, Microsoft released a public preview of Azure Active Directory certificate-based authentication (CBA) on mobile. The company announced yesterday that Azure AD CBA support is now generally available on iOS and Android devices.

The new security solution allows IT admins to provision certificates with a hardware security key for authentication on mobile devices. The company explained that its FIPS Federal Information Processing Standards)-certified helps to protect users against phishing attacks.

“We support both on-device certificates and external hardware security keys, like YubiKeys over USB or NFC on iOS and Android devices. With Bring Your Own Device (BYOD) on the rise, this feature will give you the ability to require phishing-resistant multi-factor authentication (MFA) on mobile without having to provision certificates on the user’s mobile device,” explained Vimala Ranganathan, Product Manager for Microsoft Entra.

According to Microsoft, Android users can leverage the latest MSAL support to enable Azure AD CBA support on their mobile devices. They can use the USB to plug in their YubiKey, select a certificate and, enter the PIN to access the app.

How the Azure AD certificate-based authentication (CBA) feature works?

On iOS, users will first need to register through the Yubico Authenticator app. Then, they can copy YubiKey’s public certificate into the iOS keychain. Finally, iOS users can choose the YubiKey certificate for authentication and enter a unique PIN code.

azure ad certificate based authentication cba mobile — Azure AD CBA on iOS mobile with YubiKey

Microsoft’s Azure Azure AD CBA feature should help to prevent credential theft via social engineering or phishing attacks in hybrid environments. The company plans to introduce certificate filtering capabilities and support for additional smart card providers.

The passwordless authentication market continues to grow

Last year, Microsoft, Google, and Apple announced a partnership to expand passwordless login support across all major platforms. Since then, many security providers have been working on their own passwordless authentication solutions. The global passwordless authentication market is expected to grow to $53.64 billion by 2030.

The announcement comes just a few days after Google announced passkey support for Google accounts. It enables users to sign in to applications and websites with a screen-lock PIN or biometrics. This approach makes it difficult for threat actors to get unauthorized access to users’ accounts.

by Rabia Noureen
May 5, 2023

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

How to Properly Secure and Govern Microsoft Entra ID Apps

Oct 19, 2023
Apr 17, 2024
Microsoft Entra ID App Registration and Enterprise App Security Explained

Oct 19, 2023
Apr 17, 2024
What is Azure AD B2C?

Feb 7, 2024
Feb 12, 2024

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.