FIDO2 authentication for Office 365

According to research from McKinsey & Company, there is a $2 trillion opportunity for cybersecurity technology and service providers, driven by the rise in digital crime that has accompanied the increase in online and mobile interactions. Please refer to the report below:

https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/cybersecurity/new-survey-reveals-2-trillion-dollar-market-opportunity-for-cybersecurity-technology-and-service-providers

In this context, authorization and authentication play a vital role. Here are some standard ways of authentication:

  • Password-based authentication
  • Two-factor/multi-factor authentication
  • Biometric Authentication – Fingerprint Scanning, Facial Recognition, etc.
  • Single Sign-on
  • Token-based authentication
  • Certificate-based authentication

Microsoft has a Zero Trust security strategy; please refer to the article:

5 reasons to adopt a Zero Trust security strategy for your business

If a business still wants to implement client-end security, there are different protocols available.

Authentication protocols are:

  • Lightweight Directory Access Protocol (LDAP)
  • Password Authentication Protocol (PAP)
  • Challenge-Handshake Authentication Protocol (CHAP)
  • Extensible Authentication Protocol (EAP) 
  • Kerberos
  • OpenID
  • Security Assertion Markup Language (SAML)
  • SSL/TLS
  • Fast Identity Online (FIDO2)

Here we will discuss the FIDO2 protocol. FIDO is a standard that uses the Web Authentication API (WebAuthn) and the Client to Authenticator Protocol (CTAP) to authenticate users via public key cryptography from a local device, such as a token or smartphone. The latest version is FIDO2.
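The public-key challenge-response described above, as an added Node.js example (not code from the original post, Microsoft or FEITIAN). It simulates the browser and security key on one side and the relying party's checks on the other; the origin, RP ID, counter values and function names are assumptions, and the look-alike origin is constructed sample data.

```javascript
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();
const ORIGIN = 'https://login.example.test'; // assumed relying-party origin
const RP_ID = new URL(ORIGIN).hostname;      // assumed relying-party ID
// Registration: key pair is created on the security key; the server stores only the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Stands in for browser + security key: the browser records the origin it is
// really on, and the key signs authenticatorData || SHA-256(clientDataJSON).
function signAssertion(challenge, origin, counter) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const authData = Buffer.alloc(37);
  sha256(new URL(origin).hostname).copy(authData, 0); // bytes 0-31: rpIdHash
  authData[32] = 0x01;                                // flags: user present
  authData.writeUInt32BE(counter, 33);                // signature counter
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Relying-party checks; returns 'ok' or the name of the first failed check.
function verifyAssertion(a, expectedChallenge, lastCounter) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== ORIGIN) return 'origin mismatch';
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  if ((a.authData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  if (!crypto.verify('sha256', signed, publicKey, a.signature)) return 'bad signature';
  if (a.authData.readUInt32BE(33) <= lastCounter) return 'counter did not increase';
  return 'ok';
}

function demo() {
  const challenge = crypto.randomBytes(32); // fresh per sign-in attempt
  const good = signAssertion(challenge, ORIGIN, 5);
  const lookalike = signAssertion(challenge, 'https://login.example-test.invalid', 6);
  const tampered = { ...good, authData: Buffer.from(good.authData) };
  tampered.authData.writeUInt32BE(99, 33); // counter altered after signing
  return {
    good: verifyAssertion(good, challenge, 4),
    staleChallenge: verifyAssertion(good, crypto.randomBytes(32), 4),
    lookalike: verifyAssertion(lookalike, challenge, 4),
    tampered: verifyAssertion(tampered, challenge, 4),
    clonedCounter: verifyAssertion(good, challenge, 5),
  };
}
console.log(demo());
```

Because the origin is written into the signed data by the browser, a response produced on a look-alike site fails verification even though the key and the user's touch were genuine, which is the property a password or one-time code cannot provide.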

The FIDO protocol is a product of the FIDO Alliance (https://fidoalliance.org/), an open industry association focused on authentication standards that remove the dependency on passwords.

Today we will see how we can secure our accounts by using the FIDO2 security key. Thanks to FEITIAN for shipping me ePass FIDO – NFC K9.

It’s a FIDO U2F & FIDO2 certified security key. A single ePass FIDO – NFC can protect unlimited accounts across multiple websites. It supports both USB and NFC interfaces. For more information, please visit https://www.ftsafe.com/Products/FIDO/NFC

Let’s start our DIY –

The beauty of Office 365 is that it natively supports additional authentication; you only need to perform a few steps.

Let’s do it. Log in to your Microsoft Office 365 account and click on Security, as shown in the below snapshot.

Click on Advanced Security Option -> Get started

Click on Add a new way to sign in or verify as shown in the below snapshot

Then you can see the options for selecting the way of authentication.

When you select Use a security key, the below options are displayed, as shown in the snapshots.

Using USB Device-

Using NFC Device-

Select the option as per the device configuration and click Next. You will get a prompt to create a passkey, selecting either External Security Key or the built-in sensor, as shown.

Once you have entered the passkey, the system will prompt you to insert the security key into the USB port and then touch the sensor on the device.

Once setup is done, please name the key and click Next.

Then you are all set for FIDO key authentication, as shown in the below snapshot.

Now if you navigate to Security, you can see the additional authentication method.

Now you can log in using Sign in with Windows Hello or a security key.

N.B. – You can also try this for two-factor authentication to add an additional layer of protection. Happy Learning!

Environments in Power Platform Admin Centre & Backup Environment

  • When a user clicks on Environments in the Power Platform admin center, they see the screen shown below, which has the following options:

+ New – To create a new environment

Refresh – To refresh the environment list

Recover deleted environments – To recover an environment that has been deleted

  • When the user clicks on + New, a dialog pops up to fill in for environment creation, as per the below snapshot.
  • When the user clicks on Recover deleted environments, a list of deleted environments is displayed. When the user clicks on it, the options Recover and History are displayed, as per the below snapshot.
  • On clicking History, the history of the environment is displayed, as per the below snapshot.
  • When the user clicks on the item highlighted in the above snapshot, they can see a lot of options on the top panel and on the selection panel, as per the below snapshot.
  • Open – Opens the URL in the browser to load the environment.
  • Convert to Production – If the selected environment is non-production, the option to convert it to Production is displayed.
  • Backups – On clicking Backups, the system displays the options Create and Restore or manage, as per the below snapshot.

On clicking Create, the system asks for a label and then quickly creates a backup of the environment.

On clicking Restore or manage, the system displays the below snapshot.

The user can create a new backup using + New Backup. In addition, the user can see system backups by entering a date and time, as well as the manual backups taken by the user.

Share Records in Dynamics CRM

  • Open the Power Platform Admin Centre at https://aka.ms/ppac
  • Navigate to Environment –> select environment –> Settings –> Products –> Privacy + Security, as per the below snapshot.
  • Enable Sharing, as highlighted in the below snapshot. This shares a read-only record with the person it is shared with.
  • After enabling it, when users open any record they will see the Share icon, as per the below snapshot.
  • Users need to click on the email link and select the To recipient, as per the below snapshot.
  • The recipient will then get an email with the link.
  • If a user wants to revoke the access, he/she can click on the Share icon on the record and click on Manage Access.
  • You will then see the below screen, which displays whom you have shared the record with; select the records from which you want to revoke the access.
  • Then uncheck the privileges. As per my snapshot, I have unchecked Read and clicked on Share, and as you can see in the snapshot, the record is already unshared.

Learning Resources -II

Please refer to the learning paths and step-by-step guidance below for designing enterprise solutions using Azure:

Azure Architect Series:

https://learn.microsoft.com/en-us/training/paths/az-400-develop-instrumentation-strategy/

https://learn.microsoft.com/en-us/training/paths/azure-well-architected-framework/

https://learn.microsoft.com/en-us/training/paths/design-identity-governance-monitor-solutions/

https://learn.microsoft.com/en-us/training/paths/design-infranstructure-solutions/

https://learn.microsoft.com/en-us/training/paths/design-data-storage-solutions/

https://learn.microsoft.com/en-us/training/paths/design-business-continuity-solutions/

https://learn.microsoft.com/en-us/training/paths/architect-data-platform/

https://learn.microsoft.com/en-us/training/paths/microsoft-azure-architect-design-prerequisites/

https://learn.microsoft.com/en-us/training/paths/researcher-introduction-to-cloud-computing/

https://learn.microsoft.com/en-us/training/paths/az-900-describe-core-azure-services/

https://learn.microsoft.com/en-us/training/paths/az-204-develop-message-based-solutions/

https://learn.microsoft.com/en-us/training/paths/architect-compute-infrastructure/

https://learn.microsoft.com/en-us/training/paths/secure-software-development-for-cybersecurity/

https://learn.microsoft.com/en-us/training/paths/az-900-describe-identity-governance-privacy-compliance-features/

Link to the Microsoft learning events organised across the globe, which you can filter by Products, Language, Preferred Time zone, etc. to learn your desired Microsoft technology:

Microsoft Events Catalog

Learning Resources -I

Microsoft has introduced the programs below. Those who are interested can avail themselves of this training and certification, which is absolutely FREE.

Microsoft Power Up Program:

The Microsoft Power Up Program is a 3-month program which enables non-tech professionals to successfully advance into a new career path in low-code application development using Microsoft Power Platform.

Registration Link – https://powerup.microsoft.com/

Microsoft Licensing Ready Certification:

This training and certification provides updated information on the licensing models for the Microsoft stack of products. This will be helpful for the Infra Team 😊

Registration Link – https://getlicensingready.com/