MC883192 – Public Preview: Microsoft Entra ID FIDO2 provisioning APIs

cloudscout.one Icon

check before: 2024-09-15

Product:

Entra

Platform:

Online, World tenant

Status:

Change type:

New feature, User impact, Admin impact

Links:

Details:

Summary:
Microsoft Entra ID introduces FIDO2 provisioning APIs in public preview, enabling pre-provisioning of security keys for users, simplifying onboarding, and ensuring phishing-resistant authentication. Rollout begins mid-September 2024, with completion by late September. No admin action is required for the rollout.

Details:
Microsoft Entra ID now supports FIDO2 provisioning via API, allowing organizations to pre-provision security keys (passkeys) for users. These new APIs can simplify user onboarding and provide seamless phishing-resistant authentication on day one for employees.
[When this will happen:]
Public Preview: We will begin rolling out mid-September 2024 and expect to complete by late September 2024.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2024-09-05

updated:
2024-09-05

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

Direct effects for Operations**

User Onboarding Experience
Without proper preparation, users may face confusion or delays during the onboarding process as they may not be familiar with the new FIDO2 security keys, leading to potential frustration and decreased productivity.
   - roles: End Users, IT Support Staff
   - references: https://learn.microsoft.com/entra/identity/authentication/how-to-enable-passkey-fido2

Security Awareness
If users are not adequately informed about the new phishing-resistant authentication methods, they may inadvertently expose themselves to security risks, undermining the intended benefits of the FIDO2 provisioning.
   - roles: End Users, Security Officers
   - references: https://learn.microsoft.com/entra/identity/authentication/how-to-enable-passkey-fido2

Configutation Options**

Enable FIDO2 Passkeys for Users
Admins can enable passkey authentication methods through the Authentication method policy, allowing users to utilize FIDO2 security keys for secure authentication.
   - technical instructions: 1. Go to the Azure portal. 2. Navigate to 'Azure Active Directory'. 3. Select 'Security' > 'Authentication methods'. 4. Choose 'Policies' and enable the FIDO2 security key option.
   - references: https://learn.microsoft.com/entra/identity/authentication/how-to-enable-passkey-fido2

Pre-Provisioning of FIDO2 Security Keys
Utilize the new FIDO2 provisioning APIs to pre-provision security keys for users, simplifying the onboarding process and enhancing security.
   - technical instructions: 1. Access the FIDO2 provisioning API documentation. 2. Implement the API calls to provision security keys for users as per your organizational needs. 3. Ensure that the keys are registered and associated with the respective user accounts.
   - references: https://learn.microsoft.com/entra/identity/authentication/how-to-enable-passkey-fido2

IT Security**

XXXXXXX ... paid membership only

** AI generated content. This information must be reviewed before use.

a free basic plan is required to see more details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.



Share to MS Teams

Login to your account

Welcome Back, We Missed You!