Versions Compared

Old Version 1

changes.mady.by.user Unknown User (csc)

Saved on

compared with

New Version Current

changes.mady.by.user Unknown User (csc)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Question

How can I enable Microsofts Policy to Support FIDO?

Answer

This is Part 1 of a 2 part series on how toenable Microsoft's FIDO Support.

Please follow the steps below:


UI Text Box
sizemedium
typewarning

To proceed with this guide, Domain Admin priviliges are necessary!

...

borderStyledashed
titleStep-by-Step

Please follow the steps below to enable FIDO support

  1. go to https://admin.microsoft.com/AdminPortal/Home#/homepage
  2. ...


Follow the steps below to enable your AirID FIDO for your Azure Domain

To use your AirID FIDO2 functionality, you first need to enable its method on your Azure Active directory. To do so, please follow the steps below, as well as to check out our other guides explaining all parts of the journey to fully utilize the AirID FIDO.



UI Text Box
sizemedium
typetip

Contents of this Page:

Table of Contents



1 Go to the Azure Dashboard Portal


Image Added


UI Text Box
typeinfo

Open the link* and enter your Domain Admin credentials. 


*https://portal.azure.com



2 Navigate to the 'Azure Active Directory' section

Image Added


UI Text Box
typeinfo

The Azure dashboard can be a little confusing at times, the easiest way to access the option we're reffering to is navigating through the Azure Active Directory Section, which if not located on the left panel, can be found in the 'all services' section or via the search bar.



3  Open the "Security" section

Image Added

Image Added


UI Text Box
typeinfo

In the Azure Active Directory Section go the 'Security' tab. It'll be located on the second navigation panel.



4 Go to "Authentication Methods"

Image Added


UI Text Box
typeinfo

Again, as with the security tab, now select the 'Authentication methods' section.


5 Select "FIDO2 Security Key" Method

Image Added


UI Text Box
typeinfo

In this screen we can now set different Authentication Methods supported by Microsoft.

For this guide we will focus on the AirID FIDO so we skip the "Microsoft Authenticator" and the "Text message (preview)".


In regards to the "Temporary Access Pass (preview)" this functionality will allow us to invite users to setup their AirID FIDO security key and bypass possible 2nd factor enrollments. But this will be covered in another article.






6 Configure FIDO2 Security Key Method

Image Added


UI Text Box
typeinfo

Now we can setup our Microsoft Policy for our AirID FIDO. 

Check the table for information on the different options


Presented OptionsDescription
Enablesign inat this stage we can decide if we want to enable this FIDO2 method given the below options. It is then accessible for both sign in and Strong authentication.
Strong authentication
TargetAll usersWe can target both 'all users' or selected users as either individuals or sorted by groups which are defined in azures group section
Selected users
GeneralAllow self-service set upThis options lets users the option to roll out their own fido keys - at the moment we'd suggest leaving this option on 'yes' 
enforce attestationThis option refers the 'Key attestation' of the FIDO2 protcol ä at the current state we'd also suggest leaving this option on 'no'
Key Restriction Policyenforce key restrictionWith this 'yes/no' option we're able to restrict the keys used by their AAGUID
restrict specific keyswith the 'allow/block' option we have the possibility to white/blacklist these keys



7 Save 'FIDO2 Security Key' Setting

Image Added


UI Text Box
typeinfo


After our settings have been done we can save the Settings and enablement of the FIDO Policy for your AirID FIDO has been done.

Next up we have articles describing the roll-out requirements for your devices to use the complete functions of your AirID FIDO.

Content by Label
showLabelsfalse
max5
spacesPM
showSpacefalse
sortmodified
reversetrue
typepage
excerptTypesimple
cqllabel = "faq" and type = "page" and space = "DEMTHSP"
labelskb-troubleshooting-article

Was this answer helpful?

Please rate & help us to improve our FAQ.

...