Starting with FIDO2 security keys With Azure Active Directory #Trustkey #pointblank #fido #Azure #Security #AAD

Received a great FIDO2 Test kit from the vendor PointBlank Security / TrustKey Solutions https://www.trustkeysolutions.com/  https://www.pointblank.de/en/

As FIDO2 is the new hot item in the security world, let see if it is that easy to implement and to use. I'm not going into the depth specs of the keys but more as a user view. easy to use and setup is this key to use by anyone.

for all the login this is usable when the Microsoft challenge is the say for Windows virtual desktop (WVD) you can use this.

https://www.pointblank.de/en/ https://www.trustkeysolutions.com

I have a USB key and a USB-C type key.

FIDO2image

I use my Computer with the normal USB for this so the Trustkey G310 model

FIDO2

Setting the Key en use it is simple I configured the Azure Active directory did some easy settings add the Key to my profile and ready.

First we Enable FIDO2 security key in the this is been configured from the Azure Portal.

FIDO2 

Next we go to methods.

image

Here we can change the type for all users of for a select of users.

image

When this is done you can set the fido option in your profile. If this is your own account then in the top of the azure portal you can go directly to your user account . or go to https://myaccount.microsoft.com/

 image

Go to Security info

image

Here you can do add a method

image

Adding the Security key or if you want to used the phone the method is similar.

imageimage

Now that we have chosen the FIDO2 Security Key we can configure this with a PIN.

imageimageimage

Choose a proper Pin and use the Key. Now everything is set and ready to use.

Whenever you are challenged to login with the Microsoft account you can make the choice on using the USB key. You can also make this dedicated

So for samples we go to  Browse to https://myprofile.microsoft.com use an in private session or different browser to make sure you test this right.

image

image

select sign in with a security key

FIDO2image

When entering the PIN and touching the USB you will be granted to login when it was successful you will see the page else it will prompt you again.

image 

All this is perfect usable to login into your WVD portal

https://rdweb.wvd.microsoft.com/webclient/index.html

image FIDO2

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Author: Robert Smit [MVP]

Robert Smit is Senior Technical Evangelist and is a current Microsoft MVP in Clustering as of 2009.
Robert has over 20 years experience in IT with experience in the educational, health-care and finance industries.
Robert's past IT experience in the trenches of IT gives him the knowledge and insight that allows him to communicate effectively with IT professionals
who are trying to address real concerns around business continuity, disaster and regulatory compliance issues. Robert holds the following certifications:
MCT – Microsoft Certified Trainer, MCTS – , MCSE, MCSA and MCPS. He is an active participant in the Microsoft newsgroup community and is currently focused on , Failover Clustering, SQL Server, Azure and all things related to Cloud Computing and Infrastructure Optimalization.
Follow Robert on Twitter @ClusterMVP
Or follow his blog https://robertsmit.wordpress.com
Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Robert is also capable of transferring his knowledge to others which is a rare feature in the field of IT. He makes a point of not only solving issues but also of giving on the job training of his colleagues.

A customer says ” Robert has been a big influence on our technical staff and I have to come to know him as a brilliant specialist concerning Microsoft Products. He was Capable with his in-depth knowledge of Microsoft products to troubleshoot problems and develop our infrastructure to a higher level. I would certainly hire him again in the future. ”

Details of the Recommendation: “I have been coordinating with Robert implementing a very complex system. Although he was primarily a Microsoft infrastructure specialist; he was able to understand and debug .Net based complext Windows applications and websites. His input to improve performance of applications proved very helpful for the success of our project

 

This article was originally published by The Windows Server HA Blog. You can find the original article here.