
One of the requirements for using FIDO2 security keys with your Microsoft 365 or Azure Active Directory account is multi-factor authentication: the user must already have a strong authentication method registered before a FIDO2 security key can be added to the account. That is a chicken-and-egg situation for a new user who has no method yet. To work around it, we can use Azure Active Directory's Temporary Access Pass (TAP) to onboard the user. A TAP is a time-limited passcode that satisfies the MFA requirement, so users can use it to bootstrap passwordless methods such as Windows Hello for Business, FIDO2 security keys, and the Microsoft Authenticator app. In this blog post, we take a look at how to set that up in your environment.

To support FIDO2 keys as an authentication method, we need three things in place:

1. An authentication method policy for FIDO2 security keys.
2. An authentication method policy for Temporary Access Pass.
3. The combined registration portal for MFA and SSPR enrollment.

In the FIDO2 policy you can configure additional settings, for example to restrict registration to specific key models (by AAGUID) or to enforce attestation. Next, go to Azure Active Directory -> Security -> Authentication methods, and make sure that both FIDO2 Security Key and Temporary Access Pass are enabled, either for all users or for a selected group. Keep the TAP lifetime short and prefer one-time-use passes: a TAP is a full credential for as long as it is valid, so treat it like a password you hand over out of band. The combined registration experience is enabled by default on newer tenants, but if you have an older tenant, go to Azure Active Directory -> User settings -> Manage user feature settings, and make sure that users can use the combined security information registration experience; otherwise users will not see the unified page where they register the security key.
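The same three settings can be applied with the Microsoft Graph PowerShell SDK instead of clicking through the portal, which makes the configuration reviewable and repeatable. The script below is an added example and is not part of the original post or Microsoft's documentation. It assumes the Microsoft.Graph.Authentication module is installed, and the group ID, the AAGUID and the user principal name are placeholders to replace with your own values.

```powershell
# Added example (not from the original post): configure the FIDO2 and TAP
# authentication method policies and issue a one-time TAP with Microsoft Graph.
# Requires the Microsoft.Graph.Authentication module (Connect-MgGraph,
# Invoke-MgGraphRequest). IDs and the UPN below are placeholder assumptions.

Connect-MgGraph -Scopes 'Policy.ReadWrite.AuthenticationMethod',
                        'UserAuthenticationMethod.ReadWrite.All'

$pilotGroupId = '00000000-0000-0000-0000-000000000000'   # assumption: object ID of the pilot group

# 1. FIDO2 security keys: enabled for the pilot group, attestation enforced,
#    and only keys whose AAGUID is on the allow list may be registered.
#    The AAGUID is a placeholder; with a wrong value every key is rejected,
#    so take the real one from your key vendor's published metadata.
$fido2 = @{
    '@odata.type'                    = '#microsoft.graph.fido2AuthenticationMethodConfiguration'
    state                            = 'enabled'
    isSelfServiceRegistrationEnabled = $true
    isAttestationEnforced            = $true
    keyRestrictions                  = @{
        isEnforced      = $true
        enforcementType = 'allow'
        aaGuids         = @('11111111-2222-3333-4444-555555555555')   # assumption
    }
    includeTargets = @(
        @{ targetType = 'group'; id = $pilotGroupId; isRegistrationRequired = $false }
    )
}
Invoke-MgGraphRequest -Method PATCH `
    -Uri 'https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/Fido2' `
    -Body ($fido2 | ConvertTo-Json -Depth 5) -ContentType 'application/json'

# 2. Temporary Access Pass: enabled for the same group, short default lifetime,
#    and one-time use by default so a leaked pass is worth little.
$tap = @{
    '@odata.type'            = '#microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration'
    state                    = 'enabled'
    defaultLifetimeInMinutes = 60
    minimumLifetimeInMinutes = 10
    maximumLifetimeInMinutes = 480
    defaultLength            = 12
    isUsableOnce             = $true
    includeTargets = @(
        @{ targetType = 'group'; id = $pilotGroupId; isRegistrationRequired = $false }
    )
}
Invoke-MgGraphRequest -Method PATCH `
    -Uri 'https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/TemporaryAccessPass' `
    -Body ($tap | ConvertTo-Json -Depth 5) -ContentType 'application/json'

# 3. Verify both methods are enabled before onboarding anyone.
$policy = Invoke-MgGraphRequest -Method GET `
    -Uri 'https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy'
$policy.authenticationMethodConfigurations |
    Where-Object { $_.id -in 'Fido2', 'TemporaryAccessPass' } |
    ForEach-Object { '{0}: {1}' -f $_.id, $_.state }

# 4. Issue a one-time TAP for a user who has no MFA method yet. The pass value
#    is only returned in this response; hand it over out of band and have the
#    user register the FIDO2 key at https://aka.ms/mysecurityinfo while it is valid.
$userUpn = 'user@contoso.com'   # assumption: the user being onboarded
$newTap = Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/users/$userUpn/authentication/temporaryAccessPassMethods" `
    -Body (@{ lifetimeInMinutes = 60; isUsableOnce = $true } | ConvertTo-Json) `
    -ContentType 'application/json'
"TAP for $userUpn, valid from $($newTap.startDateTime) for $($newTap.lifetimeInMinutes) min (one-time): $($newTap.temporaryAccessPass)"
```

Step 3 is the check worth keeping in a runbook: the portal toggles and the Graph policy are the same object, so reading it back confirms the state regardless of which way it was set. Step 4 is the per-user part of the onboarding; the combined registration page itself needs no scripting, but the user must sign in with the TAP while it is still valid, which is why the lifetime is kept short.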