FIDO2 authentication for Office 365

According to research from McKinsey & Company, there is a $2 trillion opportunity for cybersecurity technology and service providers, driven by the rise in digital crime that has followed the growth in online and mobile interactions. Please refer to the report below:

https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/cybersecurity/new-survey-reveals-2-trillion-dollar-market-opportunity-for-cybersecurity-technology-and-service-providers

In this context, authorization and authentication play a vital role. Here are some standard ways of authenticating:

  • Password-based authentication
  • Two-factor/multi-factor authentication
  • Biometric Authentication – Fingerprint Scanning, Facial Recognition, etc.
  • Single Sign-on
  • Token-based authentication
  • Certificate-based authentication

Microsoft offers Zero Trust security; please refer to the article:

5 reasons to adopt a Zero Trust security strategy for your business

If a business still wants to implement client-side security, there are different protocols available.

The authentication protocols are:

  • Lightweight Directory Access Protocol (LDAP)
  • Password Authentication Protocol (PAP)
  • Challenge-Handshake Authentication Protocol (CHAP)
  • Extensible Authentication Protocol (EAP) 
  • Kerberos
  • OpenID
  • Security Assertion Markup Language (SAML)
  • SSL/TLS
  • Fast Identity Online (FIDO2)

Here we will discuss the FIDO2 protocol. FIDO is a standard that uses the Web Authentication API and the Client to Authenticator Protocol to authenticate users via public key cryptography from a local device, such as a token or smartphone. The latest version is FIDO2.

The FIDO protocol is a product of the FIDO Alliance (https://fidoalliance.org/), an open industry association focused on authentication standards that remove the dependency on passwords.
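What "public key cryptography from a local device" means on the server side, as an added example that is not part of the original post: Node.js code that simulates a security key and runs the relying-party checks on its signed response. The domain names and the software key are assumptions; a real key holds the private key in hardware and would not sign for a domain it was not registered with.

```javascript
// Added example, not from the original post. RP_ID, ORIGIN and the simulated
// authenticator are constructed assumptions for illustration.
const nodeCrypto = require('node:crypto');
const sha256 = (d) => nodeCrypto.createHash('sha256').update(d).digest();
const RP_ID = 'login.example.com';
const ORIGIN = 'https://login.example.com';

// Simulated security key; a real one keeps the private key in hardware.
function makeAuthenticator() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  let counter = 0;
  const sign = (challenge, origin) => { // origin = site the browser is really on
    const clientDataJSON = Buffer.from(JSON.stringify({
      type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
    const tail = Buffer.alloc(5);
    tail[0] = 0x01;                     // flags: user present (key touched)
    tail.writeUInt32BE(++counter, 1);   // signature counter
    const authenticatorData = Buffer.concat([sha256(new URL(origin).hostname), tail]);
    const signature = nodeCrypto.sign('sha256',
      Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
    return { clientDataJSON, authenticatorData, signature };
  };
  return { publicKey, sign };
}

// Server side: needs only the public key stored at registration.
function verifyAssertion(a, publicKey, expectedChallenge, lastCounter) {
  const c = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (c.type !== 'webauthn.get') return 'bad type';
  if (c.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (c.origin !== ORIGIN) return 'origin mismatch';
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  if ((a.authenticatorData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  if (!nodeCrypto.verify('sha256', signed, publicKey, a.signature)) return 'bad signature';
  if (a.authenticatorData.readUInt32BE(33) <= lastCounter) return 'counter did not advance';
  return 'ok';
}

function demo() {
  const key = makeAuthenticator(), challenge = nodeCrypto.randomBytes(32);
  const good = key.sign(challenge, ORIGIN);
  const phished = key.sign(challenge, 'https://login.example.com.evil.test');
  const tampered = { ...good, authenticatorData: Buffer.from(good.authenticatorData) };
  tampered.authenticatorData[36] ^= 0xff; // counter byte changed after signing
  const check = (a, c) => verifyAssertion(a, key.publicKey, c, 0);
  return [check(good, challenge), check(good, nodeCrypto.randomBytes(32)),
          check(phished, challenge), check(tampered, challenge)];
}
```

`demo()` returns the verdicts for a genuine sign-in, a response replayed against a fresh challenge, a response produced on a look-alike domain, and a response altered after signing.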

Today we will see how we can secure our accounts by using the FIDO2 security key. Thanks to FEITIAN for shipping me ePass FIDO – NFC K9.

It’s a FIDO U2F & FIDO2 certified security key. A single ePass FIDO – NFC can protect unlimited accounts across multiple websites. It supports both USB and NFC interfaces. For more information, please visit https://www.ftsafe.com/Products/FIDO/NFC

Let’s start our DIY –

The beauty of Office 365 is that it natively supports additional authentication methods; you only need to perform a few steps.

Let’s do it. Log in to your Microsoft Office 365 account and click on Security, as shown in the snapshot below.

Click on Advanced Security Option -> Get started

Click on Add a new way to sign in or verify, as shown in the snapshot below.

You can then see the options for selecting the authentication method.

When you select Use a security key, the options below are displayed, as shown in the snapshots.

Using USB Device-

Using NFC Device-

Select the option that matches your device configuration and click Next. You will get a prompt to create a passkey by selecting External Security Key or the built-in sensor, as shown.

Once you have entered the passkey, the system will prompt you to insert the security key into the USB port and then touch the sensor on the device.

Once setup is done, name the key and click Next.

You are then all set for FIDO key authentication, as shown in the snapshot below.

Now if you navigate to Security, you can see the additional authentication method.

You can now log in using Sign in with Windows Hello or a security key.

N.B. You can also try this for two-factor authentication to add an additional layer of protection. Happy Learning!
