Now available are phishing-resistant options for YubiKeys and Azure AD

Microsoft has announced the availability of three new solutions that let businesses use Azure Active Directory (Azure AD) to thwart phishing attempts in environments like Azure, Office 365, and remote desktop. These solutions will be very important for lowering the number of phishing attempts and for helping organizations follow the Executive Order.

A few of these solutions are Azure Virtual Desktop (AVD), which now supports FIDO in addition to certificates, and new authentication policies that cover both certificates and FIDO.

Azure AD customers may integrate their public key infrastructure (PKI) with Azure AD and let users sign into Windows PCs and applications that are protected by Azure AD using smart card certificates encrypted with YubiKeys. Also, organizations will be able to set policies that require users to use phishing-resistant authentication, which they can do with a YubiKey, thanks to Microsoft’s new Conditional Access Authentication strength feature.

Microsoft just released these new features, which are effective tools for implementing MFA techniques that are resistant to phishing in any organization.

According to Sue Bohn, Vice President of Product Management for Microsoft’s Identity and Network Access (IDNA) business, it is critical to offer innovative identity solutions to safeguard our clients.

“We’re delighted to introduce these new tools that support important steps consumers may take in their Zero Trust journey, and Yubico has been with us every step of the way fighting against phishing assaults,” the company said.

For Azure AD, CBA is generally accessible. With the help of this functionality, organizations that already use smart cards and public key infrastructure (PKI) can sign in to Azure AD without the need for a federated server.

As part of their Zero Trust and cloud plans, organizations may now use the same YubiKey as a smart card with Azure AD, enabling them to move away from on-premises authentication systems like ADFS.

By mandating FIDO or certificate-based authentication, Microsoft has additionally improved conditional access authentication. With this new Microsoft feature, organizations can protect themselves from phishing attempts by using certain user authentication settings.

Organizations can limit authentication to meet their needs thanks to conditional access authentication’s public preview.

With these features, businesses can use YubiKeys to make sure that only YubiKeys can be used for FIDO-based passwordless authentication (FIDO2/WebAuthn) or certificate-based authentication.

By setting up Azure AD to require YubiKeys for phishing-resistant authentication, organizations can protect their most important assets and remove a whole attack surface for their most privileged users.

Yubico strongly advises that every organization should implement Conditional Access Authentication Strength policies for their administrators.

The last feature, Azure Virtual Desktops (AVD), lets users connect to their own workstations in the cloud.

No matter where they are, users using virtual desktops enjoy the same level of security and productivity.
Microsoft introduced FIDO-based passwordless authentication in AVD at Ignite.

With the help of this solution, users can log into their virtual desktop or another application while logging into AVD using their YubiKey and password-less Azure AD credentials. The AVD already works with YubiKeys and certificates for authentication. The FIDO-based password-less authentication method is an addition to that.



Leave a Reply

Your email address will not be published. Required fields are marked *