Microsoft launches passwordless authentication for Azure AD on iOS and Android

By Scott Marlette Last updated Nov 4, 2022

Microsoft is looking to better protect hybrid workers connecting to its Azure Active Directory (AD) service via iOS or Android endpoints (opens in new tab) from phishing and password (opens in new tab)-stealing attacks.

The company has introduced a new authentication method for the enterprise identity service that it says is a paswordless, certificate-based authentication (CBA) one, enabled through the YubiKey hardware security key, built by Yubico.

According to Microsoft’s announcement, the tool will give mobile users Federal Information Processing Standards (FIPS) certified login solution, fully resistant to phishing attacks.

Easy and secure authentication

“U.S. cybersecurity Executive Order 14028 requires the use of phishing-resistant MFA on all device platforms. On mobile, while customers can provision user certificates on their personal mobile device to be used for authentication, this is primarily feasible for managed mobile devices. But this new public preview unlocks support for BYOD,” Vimala Ranganathan, product manager of Microsoft Entra, wrote in the blog post (opens in new tab) announcing the new features.

With the new solution, Microsoft AD users will be able to provision certificates with a hardware security key, allowing them to easily authenticate on mobile devices. Apple’s iOS users need to register via the Yubico Authenticator app, and copy the public certificate into the iOS keychain. After that, they can select the YubiKey certificate to sign in, and enter the PIN code.

For Android users, Microsoft said Azure AD CBA support with YubiKey on Android mobile is enabled via the latest MSAL. Android users don’t need the YubiKey Authenticator app, as they can plug in their YubiKey via USB, initiate Azure AD CBA, pick the certificate from YubiKey, enter the PIN and get authenticated.

Microsoft claims this authentication method minimizes the chances of credential theft and identity theft, done through phishing or social engineering.

“Microsoft’s mobile certificate-based solution coupled with the hardware security keys is a simple, convenient FIPS-certified phishing-resistant MFA method,” Ranganathan concluded.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.