check before: 2024-09-15
Product:
Entra
Platform:
Online, World tenant
Status:
Change type:
New feature, User impact, Admin impact
Links:
Details:
Summary:
Microsoft Entra ID introduces FIDO2 provisioning APIs in public preview, enabling pre-provisioning of security keys for users, simplifying onboarding, and ensuring phishing-resistant authentication. Rollout begins mid-September 2024, with completion by late September. No admin action is required for the rollout.
Details:
Microsoft Entra ID now supports FIDO2 provisioning via API, allowing organizations to pre-provision security keys (passkeys) for users. These new APIs can simplify user onboarding and provide seamless phishing-resistant authentication on day one for employees.
[When this will happen:]
Public Preview: We will begin rolling out mid-September 2024 and expect to complete by late September 2024.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2024-09-05
updated:
2024-09-05
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
Direct effects for Operations**
User Onboarding Experience
Without proper preparation, users may face confusion or delays during the onboarding process as they may not be familiar with the new FIDO2 security keys, leading to potential frustration and decreased productivity.
- roles: End Users, IT Support Staff
- references: https://learn.microsoft.com/entra/identity/authentication/how-to-enable-passkey-fido2
Security Awareness
If users are not adequately informed about the new phishing-resistant authentication methods, they may inadvertently expose themselves to security risks, undermining the intended benefits of the FIDO2 provisioning.
- roles: End Users, Security Officers
- references: https://learn.microsoft.com/entra/identity/authentication/how-to-enable-passkey-fido2
Configutation Options**
Enable FIDO2 Passkeys for Users
Admins can enable passkey authentication methods through the Authentication method policy, allowing users to utilize FIDO2 security keys for secure authentication.
- technical instructions: 1. Go to the Azure portal. 2. Navigate to 'Azure Active Directory'. 3. Select 'Security' > 'Authentication methods'. 4. Choose 'Policies' and enable the FIDO2 security key option.
- references: https://learn.microsoft.com/entra/identity/authentication/how-to-enable-passkey-fido2
Pre-Provisioning of FIDO2 Security Keys
Utilize the new FIDO2 provisioning APIs to pre-provision security keys for users, simplifying the onboarding process and enhancing security.
- technical instructions: 1. Access the FIDO2 provisioning API documentation. 2. Implement the API calls to provision security keys for users as per your organizational needs. 3. Ensure that the keys are registered and associated with the respective user accounts.
- references: https://learn.microsoft.com/entra/identity/authentication/how-to-enable-passkey-fido2
IT Security**
XXXXXXX ... paid membership only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.