Azure Verifiable Credentials are Microsoft’s response to the question of how you can validate that your new employee is who they say they are when they are onboarding to your organization. Microsoft even wants to go further and have organizations such as universities add a person’s degrees and other information into verifiable credentials, which would allow other organizations to validate that person’s education. While this sounds promising and cool (let’s ignore the privacy concerns), it has not been adopted by most organizations, partly because if you try to set up Azure Verifiable Credentials you will realize that it feels more like a project created by an intern than a Microsoft product (you have to manually set up your own resources and run the infrastructure for verifiable credentials).
While the demo does use verifiable credentials for user onboarding, Microsoft Verifiable Credentials cannot be used to directly set up FIDO2 credentials or smartcards for Azure CBA (not without first setting up a less secure MFA option). However, while Microsoft might not support the amazing future it promised with verifiable credentials, EZCMS, a tool created by an ex-Microsoft identity engineer-led team, is able to do all of that from the Azure Portal. As you can see in the video below, a new employee can scan their government ID and face to enroll their YubiKey with FIDO2 credentials and a smartcard.
EZCMS does not stop at government ID validation. It also protects you from supply chain attacks by using industry-leading attestation, ensuring that the YubiKey you sent your user is the same one they received. The best part is that this tool makes passwordless authentication available for everyone. In less than an hour you can have your own instance and issue your first government ID validated card. See the video below and let us know what you think!