Microsoft Releases Azure AD Certificate-Based Authentication Support on iOS and Android

Microsoft today announced the release of Azure AD Certificate-based authentication (CBA) on mobile devices. As of today, YubiKey is the only external device that provides CBA support on iOS and Android to protect organizations against phishing attacks.

Microsoft announced the public preview of Azure AD certificate-based authentication (CBA) back in February for desktop users. It’s a robust service that leverages a digital certificate to validate a user or a device before granting access to a network or an application.

According to Microsoft, the new CBA feature lets customers with smart cards to authenticate Azure AD when connecting to Office mobile apps such as Microsoft Word. CBA is used across various industries because it helps organizations simplify the authentication process and reduce infrastructure costs.

“On mobile, while customers can provision user certificates on their personal mobile device to be used for authentication, this is primarily feasible for managed mobile devices. But this new public preview unlocks support for BYOD. Customers can now provision certificates on a hardware security key which can then be used for authentication with Azure AD on iOS and Android devices,” Microsoft explained.

How to set up Azure AD CBA on mobile with YubiKey

Overall, the new CBA support makes it harder for threat actors to gain unauthorized access to sensitive resources. To get started, IT admins are required to configure CBA on Azure and install the Microsoft Authenticator app on iOS and Android. Additionally, iOS users will need to download the YubiKey authenticator application.

This announcement follows the release of three new phishing-protection tools last week, including certificate-based authentication (CBA), Azure virtual desktop adding support for FIDO authenticators, and conditional access authentication.

If you want to learn more about the new solutions, Yubico will hold a webinar on November 3, 2022, at 9 AM PT. Registration for the event is free, and you can sign up on this website.