Microsoft is looking to better protect hybrid workers by connecting to Azure Active Directory (AD) via iOS or Android endpoints (Opens in a new tab) from phishing and The password (Opens in a new tab)– Theft attacks.
The company has introduced a new authentication method for the Enterprise Identity Service that it says is Certificate-Based Password Authentication (CBA), enabled through YubiKey devices. safety keyBuilt by Yubico.
According to Microsoft’s announcement, the tool will give mobile users a FIPS-certified login solution that’s completely resistant to phishing attacks.
Easy and secure authentication
“US Cybersecurity Executive Order 14028 requires phishing-resistant MFA to be used on all hardware platforms. On mobile, while customers can provide user certificates on their personal mobile devices for use in authentication, this is primarily possible for managed mobile devices.” But this new public preview unlocks support for BYOD,” Vimala Ranganathan, Microsoft Entra Product Manager, wrote in Blog Posts (Opens in a new tab) Announcing new features.
With the new solution, Microsoft AD users will be able to provide certificates with a hardware security key, allowing them to easily authenticate on mobile devices. Apple iOS users need to sign up via the Yubico Authenticator app, and copy the public certificate into the iOS keychain. After that, they can select a YubiKey certificate to log in, and enter the PIN code.
For Android users, Microsoft said Azure AD CBA support with YubiKey on an Android phone is enabled via the latest MSAL. Android users do not need the YubiKey Authenticator app, they can connect their YubiKey via USB, start the Azure AD CBA, choose the certificate from the YubiKey, enter the PIN and get authenticated.
Microsoft claims that this method of authentication reduces the chances of credential theft and identity theft, which is done through phishing or social engineering.
“Microsoft’s mobile certificate-based solution with hardware security keys is a simple, convenient, convenient, anti-phishing approach that is FIPS certified,” concluded Ranganathan.