Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Details FIDO2 Security and Certificate-Based Authentication Updates

Key Takeaways:

Microsoft has announced a new feature that will let Entra ID users register and sign in using device-bound passkeys managed in Microsoft Authenticator.

The Microsoft Authenticator app for Android devices is now compliant with FIPS 140 security standards.

Microsoft has also released some updates for Entra ID Certificate-Based Authentication (CBA).

Microsoft has detailed its efforts to enable phishing-resistant authentication methods for organizations. The company is implementing several security features, including device-bound passkeys, FIDO2 support for iOS and macOS apps, and Certificate-Based Authentication updates, to enhance the overall protection for all Entra ID customers.

Microsoft has announced that it will soon introduce a new feature for its Entra ID customers. It will allow users to register and sign in to their accounts using device-bound passkeys managed in Microsoft Authenticator. A passkey is a digital credential that eliminates the need for usernames and passwords. Microsoft says that passkey support will be added to the Authenticator app in the first half of 2024.

“This is a cost-effective, phishing-resistant credential available to anyone with the Authenticator app! Passkeys provide you with the latest and greatest security enhancements that will come to the FIDO standard over the next many years – and Authenticator integration lets you take advantage of the security innovations and advanced features Authenticator provides,” Microsoft explained.

Microsoft Details FIDO2 Security and Certificate-Based Authentication Enhancements — Passkey managed in the Microsoft Authenticator app

Microsoft Authenticator to become phishing-resistant

The latest version of the Microsoft Authenticator app for Android devices is now compliant with the US government’s Federal Information Processing Standards (FIPS) 140 security standard. This compliance applies to all Entra ID authentications that use push multifactor authentications (MFA), phishing-resistant device-bound passkeys, time-based one-time passcodes (TOTP), and passwordless Phone Sign-In (PSI). The Microsoft Authenticator app for iOS is already FIPS 140 compliant.

Certificate-based Authentication updates

Last year, Microsoft announced the general availability of Certificate-based Authentication (CBA) for commercial customers. This authentication method is designed to provide an alternative to on-premises identity providers like Active Directory Federation Services (ADFS), which have been the target of attacks due to misconfigurations. Microsoft has reported an increase of over 850 percent in Entra ID CBA usage among government customers.

Microsoft has now made it possible for IT administrators to select certificate strength for different users. Additionally, administrators can configure high affinity (strong) binding for user groups or the entire tenant. Another new feature is the ability to use CBA with other multifactor or step-up authentication methods.

FIDO2 support for iOS and macOS apps

Microsoft announced that FIDO2 authentication support is available in public preview on iOS devices. The feature lets Authenticator users access Microsoft apps on iOS devices with a FIDO2 security key. Microsoft plans to bring the new phishing-resistant authentication option to macOS devices in early 2024.

Lastly, Microsoft introduced FIDO2 authentication support for select MSAL-enabled third-party apps on iOS and macOS. The Microsoft Authentication Library (MSAL) lets developers acquire tokens from the Microsoft identity platform to access secured web APIs. It ensures secure access to Microsoft Graph, third-party web APIs, custom web APIs, and other Microsoft APIs.

Last month, Microsoft announced its Secure Future Initiative to address cybersecurity threats. The initiative is focused on three pillars: AI-based cyber defense, advances in software engineering, and advocacy for more robust application of international norms to protect civilians against cyber threats.

by Rabia Noureen
Last Update: Dec 19, 2023
Dec 18, 2023

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

How to Use Microsoft 365 Dynamic Groups to Streamline Access Management

Jul 5, 2023
Jul 13, 2023
How to Properly Secure and Govern Microsoft Entra ID Apps

Oct 19, 2023
Apr 17, 2024
Microsoft Entra ID App Registration and Enterprise App Security Explained

Oct 19, 2023
Apr 17, 2024

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.