Does Azure Support FIDO2? A Quick Lesson in Passwordless Authentication

15 Oct 2023

Azure and FIDO2 – A Partnership in Zero-Trust Security

The short answer is exactly that, short. Yes, Azure does support FIDO2!

Now let’s be VERY clear, there is one glaring exception to this rule (isn’t there always when it comes to Microsoft?): FIDO2 doesn’t work on iOS apps and for FIDO on prem you have to set up a less than ideal connection. So, you’ll also need certificate-based authentication enabled to really accomplish what you’re trying to. That said, it’s relatively simple to enable for most everyday Azure practitioners, and you can read all about how to go passwordless in azure with CBA and FIDO over on our blog…

… Do you know what else supports FIDO2? Entra ID! …you know, because of the Azure AD rebrand? Whatever you’re choosing to call it these days, Microsoft’s identity and access management (IAM) cloud solution fully supports FIDO2 security keys. This is a testament to Microsoft’s steadfast commitment to fortify passwordless authentication options for its users. When integrated with Azure AD, FIDO2 security keys serve as an excellent defense against phishing, man-in-the-middle, and socially engineered attacks that exploit weak or reused passwords.

Why Use Hardware Keys?

There are many reasons to use hardware keys:

- Simple to use — just touch the Key to verify, enter your pin and you’re in. Provide modern, phishing-resistant MFA.

- Hardware keys are incredibly reliable.

- Eliminate the need to reach for your phone to open an app, or to memorize and type in a code.

- Use NFC for mobile authentication.

- Option to leave it plugged into your laptop or USB hub.

- Durable – even survives the washing machine!

- Don’t require batteries, WiFi, or network connection to work.

The Lesson

Azure’s, or Entra ID’s…whatever it is, support for FIDO2 is a significant step toward a more secure and passwordless future. As cyber threats become increasingly sophisticated, relying solely on passwords is becoming untenable. Solutions like FIDO2 hardware keys offer robust, user-friendly, and secure alternatives to the conventional password-based authentication of old. With Azure AD, supporting these solutions, organizations have a powerful tool in their security arsenal.

Where Do I Go From Here?

Well, I’d certainly encourage you to do some more research into FIDO2 hardware keys, more specifically, how to deploy them across various environments. If you’re looking into a hybrid deployment, check out this blog on how to go passwordless on-prem with FIDO2. Alternatively, if you’re interested in learning more about the quirks of deploying FIDO2 keys in a cloud-only instance, allow me to point you here. …and I’d be remiss to not remind you that we quite literally dedicate our lives to making this easy for you. Check out EZCMS, the one stop shop for going passwordless using FIDO2!