New Blog | Public preview: Microsoft Entra ID FIDO2 provisioning APIs
By Alex Weinert
Today I’m excited to announce a great new way to onboard employees with admin provisioning of FIDO2 security keys (passkeys) on behalf of users.
Our customers love passkeys as a phishing-resistant method for their users, but some were concerned that registration was limited to users registering their own security keys. Today we’re announcing the new Microsoft Entra ID FIDO2 provisioning APIs that empowers organizations to handle this provisioning for their users, providing secure and seamless authentication from day one.
While customers can still deploy security keys in their default configuration to their users, or allow users to bring their own security keys which requires self-service registration by a user, the APIs allow keys to be pre-provisioned for users, so users have an easier experience on first use.
Adopting phishing-resistant authentication is critical – attackers have increased their use of Adversary-in-the-Middle (AitM) phishing and social engineering attacks to target MFA-enabled users. Phishing-resistant authentication methods, including passkeys, certificate-based authentication (CBA), and Windows Hello for Business, are the best ways to protect from these attacks.
Phishing-resistant authentication is also a key requirement of Executive Order 14028 which requires phishing-resistant authentication for all agency staff, contractors, and partners. While most federal customers use preexisting smartcard systems to achieve compliance, passkeys provide a secure alternative for their users looking for improved ways to securely sign in. With today’s release of admin provisioning, they also have a simplified onboarding process for users.
Read the full post here: Public preview: Microsoft Entra ID FIDO2 provisioning APIs
By Alex Weinert
Today I’m excited to announce a great new way to onboard employees with admin provisioning of FIDO2 security keys (passkeys) on behalf of users.
Our customers love passkeys as a phishing-resistant method for their users, but some were concerned that registration was limited to users registering their own security keys. Today we’re announcing the new Microsoft Entra ID FIDO2 provisioning APIs that empowers organizations to handle this provisioning for their users, providing secure and seamless authentication from day one.
While customers can still deploy security keys in their default configuration to their users, or allow users to bring their own security keys which requires self-service registration by a user, the APIs allow keys to be pre-provisioned for users, so users have an easier experience on first use.
Adopting phishing-resistant authentication is critical – attackers have increased their use of Adversary-in-the-Middle (AitM) phishing and social engineering attacks to target MFA-enabled users. Phishing-resistant authentication methods, including passkeys, certificate-based authentication (CBA), and Windows Hello for Business, are the best ways to protect from these attacks.
Phishing-resistant authentication is also a key requirement of Executive Order 14028 which requires phishing-resistant authentication for all agency staff, contractors, and partners. While most federal customers use preexisting smartcard systems to achieve compliance, passkeys provide a secure alternative for their users looking for improved ways to securely sign in. With today’s release of admin provisioning, they also have a simplified onboarding process for users.
Read the full post here: Public preview: Microsoft Entra ID FIDO2 provisioning APIs
