
Password killer FIDO2 comes bounding into Azure Active Directory hybrid environments

A preview of muddy paws all over your on-prem resources, or a passwordless future?

Hybrid environments can now join the preview party for FIDO2 support in Azure Active Directory.

Microsoft has a bit of a thing about passwordless authentication. Back in 2004, then-chairman Bill Gates predicted the death of passwords because humans are terrible at managing them.

Anyone born around then will be turning 16 shortly and yet passwords still linger on.

One way to move on is via a FIDO2 security key (or something biometric on the device); the FIDO Alliance has already signed up the likes of Google and Mozilla for browser authentication, and back in October 2019 Microsoft unveiled a preview of FIDO2 security key support in Azure Active Directory.

The problem was that while going password-free with a FIDO2 key, Microsoft's Authenticator app or Windows Hello was all well and good, it didn't work with a hybrid-joined device, as the company acknowledged at the time.

As of this week, Microsoft is flinging open the doors to hybrid Azure AD-joined Windows 10 devices. Apparently, "this has been the top most requested feature from our passwordless customers."

Not "Ohgodohgodohgod, please make the patch pain stop."

Patch me if you can

That hybrid support means FIDO2 authentication can be used for on-premises as well as cloud resources. There are, however, some provisos. Your Windows Servers (2016 and 2019) need to be up to date on the patch front. You'll also need a refreshed version of Azure AD Connect (1.4.32.0 or later), and PCs wanting to use the preview feature are going to have to submit to the tender mercies of the Windows Insider program.

To be precise, Windows 10 Build 18945 or later needs to be installed, quite an elderly incarnation of 20H1 for Fast Ring testers dating back to July last year. It has long been superseded, and even signing up for the more stable Slow Ring will inflict something considerably more recent on the PCs of eager users.

Interestingly, 18945 was also the Windows Server vNext Preview Build that first extended FIDO2 security keys to hybrid environments for braver admins.
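For admins who want to check a box against those provisos before enrolling anything, here is an added pre-flight script (not from the article, and not Microsoft's own tooling). It assumes it runs locally on the machine being checked, that Azure AD Connect registers under the standard Uninstall key with the display name "Microsoft Azure AD Connect", and that the servers of interest report the Windows Server 2016 (14393) or 2019 (17763) build numbers.

```powershell
# Added example: pre-flight check for the FIDO2 hybrid preview prerequisites named above.
$MinAadConnect  = [version]'1.4.32.0'   # Azure AD Connect minimum from the article
$MinClientBuild = 18945                 # Windows 10 Insider build from the article
$ServerBuilds   = @{ 14393 = 'Windows Server 2016'; 17763 = 'Windows Server 2019' }  # assumed build map

function Test-FidoHybridPrereqs {
    $os       = Get-CimInstance Win32_OperatingSystem
    $build    = [int]$os.BuildNumber
    $isServer = $os.ProductType -ne 1    # 1 = workstation, 2 = domain controller, 3 = member server
    $results  = @()

    if ($isServer) {
        $results += [pscustomobject]@{ Check = 'Server 2016/2019'; Ok = $ServerBuilds.ContainsKey($build); Detail = $os.Caption }

        # The article only says "up to date on the patch front" and names no KB, so report
        # the newest installed update and let the admin compare it with the current CU.
        $latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
        $detail = if ($latest) { '{0} on {1:d}' -f $latest.HotFixID, $latest.InstalledOn } else { 'no hotfix recorded' }
        $results += [pscustomobject]@{ Check = 'Latest hotfix (review manually)'; Ok = [bool]$latest; Detail = $detail }

        # Azure AD Connect version, read from the Uninstall registry keys (display name is an assumption).
        $aadc = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue |
                Where-Object { $_.DisplayName -eq 'Microsoft Azure AD Connect' } | Select-Object -First 1
        $ok = $false; $ver = 'not installed'
        if ($aadc -and $aadc.DisplayVersion) { $ver = $aadc.DisplayVersion; $ok = [version]$ver -ge $MinAadConnect }
        $results += [pscustomobject]@{ Check = "Azure AD Connect >= $MinAadConnect"; Ok = $ok; Detail = $ver }
    }
    else {
        $results += [pscustomobject]@{ Check = "Windows 10 build >= $MinClientBuild"; Ok = ($build -ge $MinClientBuild); Detail = $build }

        # Hybrid join means both domain-joined and Azure AD-joined; dsregcmd reports both lines.
        $status = dsregcmd /status 2>$null
        $hybrid = ($status -match 'AzureAdJoined\s*:\s*YES') -and ($status -match 'DomainJoined\s*:\s*YES')
        $results += [pscustomobject]@{ Check = 'Hybrid Azure AD joined'; Ok = [bool]$hybrid; Detail = ($status -match 'Joined\s*:' -join '; ') }
    }
    return $results
}

Test-FidoHybridPrereqs | Format-Table -AutoSize
```

A FALSE in the Ok column marks the proviso that still needs attention; the hotfix line is informational only, since the article does not name a specific update.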

As Microsoft (and chums) march towards a passwordless future, we look forward to a brave new world where forgotten strings of characters have been replaced by dropped and dangling dongles. ®
