the fido2 security passkeys, seem to have gotten in a loop at the moment for myself, basically on android device registered in intune and entra the passkey is there but it doesn't seem to allow the passkey to bio-authenticate for outlook on the device so user has to mfa with authenticator daily rather than the passkey completing this - not what would class a major problem, but it encourages senior management to want to move away from mfa which I would class as greater risk.
Great video Andy. at about 8:57 you say that one of the AAGUID for passkey is the Windows device. Can you please elaborate? Does it mean Windows phone or can we finally store the passkey on the Windows 11 device itself? Just like we can with github for example..
@@Calindar well that is coming. Microsoft seems to want to do Authenticator first. It should extend to non device bound passkeys later on when attestation works properly
@@driver288 is it coming? All I've found information about is sync-able passkeys between devices with authenticator app installed, but that is not what I'm talking about.
Isn’t it true though that attestation isn’t supported right now during the preview? Or have they now enabled it? I think you shouldn’t allow this in production until it is supported.
That intro music had some real 80/90's acid house vibes!!
Yeah baby :-)
What will be the content of the cyber security course
It’s finished now. More dates and details soon
the fido2 security passkeys, seem to have gotten in a loop at the moment for myself, basically on android device registered in intune and entra the passkey is there but it doesn't seem to allow the passkey to bio-authenticate for outlook on the device so user has to mfa with authenticator daily rather than the passkey completing this - not what would class a major problem, but it encourages senior management to want to move away from mfa which I would class as greater risk.
I would use the google authenticator instead
I would like to join
Sign up today www.quality-training.co.uk/book-online
Great video Andy. at about 8:57 you say that one of the AAGUID for passkey is the Windows device. Can you please elaborate? Does it mean Windows phone or can we finally store the passkey on the Windows 11 device itself? Just like we can with github for example..
Here is a nice article learn.microsoft.com/en-us/entra/identity/authentication/how-to-enable-passkey-fido2
Windows 11 does support passkeys already. Device bound passkeys.
@@driver288 yes, but not for EntraID. Which is the whole point
@@Calindar well that is coming. Microsoft seems to want to do Authenticator first. It should extend to non device bound passkeys later on when attestation works properly
@@driver288 is it coming? All I've found information about is sync-able passkeys between devices with authenticator app installed, but that is not what I'm talking about.
Isn’t it true though that attestation isn’t supported right now during the preview? Or have they now enabled it? I think you shouldn’t allow this in production until it is supported.
Attestation is not something you switch on. It’s built in to the tech.