Microsoft Enhances Entra ID Security with FIDO2 Provisioning APIs
Yubico has worked closely with Microsoft for over a decade to keep businesses around the world and the Microsoft solutions they use both secure and phishing-resistant. Recognising the importance of multi-factor authentication (MFA), Microsoft recently mandated that MFA be used by all Azure users – a critical move to require stronger authentication for end users to prevent phishing attacks.
Yubico-Microsoft Agrees on Phishing-Resistant MFA
Yubico applauds the mandate and encourages organisations to not only satisfy the MFA mandate but also expand the use of modern MFA beyond only Azure users while moving past phishable MFA solutions. Organisations must protect all their resources and should be applying policies to all users and all applications with Conditional Access Policy Authentication Strengths, requiring phishing-resistant MFA solutions like the YubiKey.
Continuing this trend of focusing on phishing resistance, Microsoft just announced Microsoft Entra ID FIDO2 provisioning APIs that give organisations the option to develop or leverage alternative administrator-led provisioning clients that support the setup of hardware security keys, like the YubiKey. Before this update, organisations were limited to requiring users to register their own security keys. This left gaps for many organisations that wanted to mature in their journey to becoming a phishing-resistant organisation, which often required users to sign in with a phishable authentication method like a Temporary Access Pass in order to register their YubiKey.
While this may have worked for some, more diverse and multinational entities and government agencies have long sought after the ability to do the provisioning on behalf of their users. Now, users can be onboarded into an organisation or can recover their account without ever having to downgrade to a phishable authentication method.
Yubico is proud to have partnered with Microsoft in supporting the development of these APIs. Yubico has worked to ensure that the provisioning of YubiKeys fits seamlessly into this release and Yubico now shares a GitHub project with a sample of how customers can leverage the new Microsoft Graph APIs.
“At Microsoft, we are committed to providing the highest levels of protection for our customers,” said Natee Pretikul, Principal Product Management Lead at Microsoft Security. “Phishing-resistant multi-factor authentication (MFA) is a critical component to a healthy and secure cybersecurity practice for any organisation. Through our FIDO2 Provisioning API integration with Yubico solution, our enterprise customers can quickly implement YubiKey, enhancing employee protection more efficiently. Together, we are empowering our customers to safeguard their digital identities and protect their data against ever-evolving threats.”
With Microsoft’s proven commitment to driving the highest security for users, and through our integration with Entra ID, YubiKeys offer a seamless, robust solution that not only strengthens security but simplifies the user experience. YubiKeys enable enterprises to create phishing-resistant users who use authentication that seamlessly moves with users across devices, services and business scenarios.