Question
How can I enable Microsofts Policy to Support FIDO?
Answer
This is Part 1 of a 2 part series on how toenable Microsoft's FIDO Support.
Please follow the steps below:
UI Text Box |
---|
|
To proceed with this guide, Domain Admin priviliges are necessary! |
...
borderStyle | dashed |
---|
title | Step-by-Step |
---|
Please follow the steps below to enable FIDO support
- go to https://admin.microsoft.com/AdminPortal/Home#/homepage
- ...
Follow the steps below to enable your AirID FIDO for your Azure Domain
To use your AirID FIDO2 functionality, you first need to enable its method on your Azure Active directory. To do so, please follow the steps below, as well as to check out our other guides explaining all parts of the journey to fully utilize the AirID FIDO.
UI Text Box |
---|
|
Contents of this Page: |
Image Added
2 Navigate to the 'Azure Active Directory' section
Image Added
UI Text Box |
---|
|
The Azure dashboard can be a little confusing at times, the easiest way to access the option we're reffering to is navigating through the Azure Active Directory Section, which if not located on the left panel, can be found in the 'all services' section or via the search bar. |
3 Open the "Security" section
Image Added
Image Added
UI Text Box |
---|
|
In the Azure Active Directory Section go the 'Security' tab. It'll be located on the second navigation panel. |
4 Go to "Authentication Methods"
Image Added
UI Text Box |
---|
|
Again, as with the security tab, now select the 'Authentication methods' section. |
5 Select "FIDO2 Security Key" Method
Image Added
UI Text Box |
---|
|
In this screen we can now set different Authentication Methods supported by Microsoft. For this guide we will focus on the AirID FIDO so we skip the "Microsoft Authenticator" and the "Text message (preview)".
In regards to the "Temporary Access Pass (preview)" this functionality will allow us to invite users to setup their AirID FIDO security key and bypass possible 2nd factor enrollments. But this will be covered in another article. |
Image Added
UI Text Box |
---|
|
Now we can setup our Microsoft Policy for our AirID FIDO. Check the table for information on the different options
| Presented Options | Description |
---|
Enable | sign in | at this stage we can decide if we want to enable this FIDO2 method given the below options. It is then accessible for both sign in and Strong authentication. |
---|
Strong authentication | Target | All users | We can target both 'all users' or selected users as either individuals or sorted by groups which are defined in azures group section |
---|
Selected users | General | Allow self-service set up | This options lets users the option to roll out their own fido keys - at the moment we'd suggest leaving this option on 'yes' |
---|
enforce attestation | This option refers the 'Key attestation' of the FIDO2 protcol ä at the current state we'd also suggest leaving this option on 'no' | Key Restriction Policy | enforce key restriction | With this 'yes/no' option we're able to restrict the keys used by their AAGUID |
---|
restrict specific keys | with the 'allow/block' option we have the possibility to white/blacklist these keys |
|
7 Save 'FIDO2 Security Key' Setting
Image Added
UI Text Box |
---|
|
After our settings have been done we can save the Settings and enablement of the FIDO Policy for your AirID FIDO has been done. Next up we have articles describing the roll-out requirements for your devices to use the complete functions of your AirID FIDO. |
Related Articles
Content by Label |
---|
showLabels | false |
---|
max | 5 |
---|
spaces | PM |
---|
showSpace | false |
---|
sort | modified |
---|
reverse | true |
---|
type | page |
---|
excerptType | simple |
---|
cql | label = "faq" and type = "page" and space = "DEMTHSP" |
---|
labels | kb-troubleshooting-article |
---|
|
Was this answer helpful?
Please rate & help us to improve our FAQ.
...