As more and more of our customers move to cloud services and applications, we must provide authentication options that are both secure and easy to use. Today we are announcing the public preview of FIDO2 security key support for passwordless sign-in in Azure Active Directory (Azure AD). With a FIDO2 security key, the Microsoft Authenticator app, or Windows Hello, all Azure AD users can now sign in without a password.
These strong authentication factors are all based on the same class of public key/private key encryption standards and protocols, and are protected by a biometric factor (fingerprint or facial recognition) or a PIN. Users apply the biometric factor or PIN to unlock the private key stored securely on the device. The key is then used to prove to the service who the user is and which device is being used.
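The flow described above, as an added example that is not Microsoft's code or part of the original announcement: a simplified Node.js model in which a PIN unlocks a device-held private key and the service verifies a signed one-time challenge against the registered public key. The helper names, PIN and origins are assumptions, and the message layout is deliberately simpler than the real WebAuthn/CTAP formats.

```javascript
// Added illustration: simplified model, not the WebAuthn/CTAP wire format.
const crypto = require('crypto');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Authenticator (hypothetical helper): the private key is used only after the local PIN check.
function makeAuthenticator(pin) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const pinHash = sha256(pin);
  return {
    publicKey, // the only key material the service ever receives
    sign(enteredPin, challenge, origin) {
      if (!crypto.timingSafeEqual(sha256(enteredPin), pinHash)) return null; // key stays locked
      const clientData = Buffer.from(JSON.stringify({ challenge: challenge.toString('hex'), origin }));
      return { clientData, signature: crypto.sign('sha256', clientData, privateKey) };
    },
  };
}

// Service (hypothetical helper): stores the public key, issues one-time challenges.
function makeService(expectedOrigin, registeredPublicKey) {
  const pending = new Set();
  return {
    newChallenge() {
      const c = crypto.randomBytes(32);
      pending.add(c.toString('hex'));
      return c;
    },
    verify(assertion) {
      if (!assertion) return false;
      const data = JSON.parse(assertion.clientData.toString());
      if (data.origin !== expectedOrigin) return false;  // signed for a different site
      if (!pending.delete(data.challenge)) return false; // unknown or replayed challenge
      return crypto.verify('sha256', assertion.clientData, registeredPublicKey, assertion.signature);
    },
  };
}

// Constructed scenario: PIN, origins and names are sample values.
function demo() {
  const key = makeAuthenticator('1234');
  const service = makeService('https://login.example', key.publicKey);
  const good = key.sign('1234', service.newChallenge(), 'https://login.example');
  return {
    ok: service.verify(good),      // true
    replay: service.verify(good),  // false: challenge already consumed
    wrongPin: service.verify(key.sign('0000', service.newChallenge(), 'https://login.example')),
    otherSite: service.verify(key.sign('1234', service.newChallenge(), 'https://login.example.test')),
  };
}
```

The service never holds a shared secret: it keeps only the public key, so a stolen credential database contains nothing that can be replayed to sign in.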
In addition, to help you start your own passwordless journey, we are rolling out new public preview capabilities, including:
- A new Authentication methods blade in your Azure AD admin portal that lets you assign passwordless credentials, using FIDO2 security keys and passwordless sign-in with Microsoft Authenticator, to users and groups.
- Updated capabilities in the converged registration portal for your users to create and manage FIDO2 security keys.
- The ability to use FIDO2 security keys to authenticate on Azure AD-joined Windows 10 devices in the latest versions of the Edge and Firefox browsers.
Many Microsoft teams have been involved in this effort to deliver on our vision of making FIDO2 technologies a reality by providing seamless, secure, and password-free access to your applications and services connected to Azure AD. For more information, read "Announcing the public preview of Azure AD support for FIDO2-based passwordless sign-in."