Modern device management with a few twists
'My goal is to share my knowledge and experiences with community members on their own road to Modern device management. I love working with Microsoft technology and hopefully I can help a few people along the way.'
July 8th, 2022 by Andrew Jones
I’m sure you will agree that using passwords is on a road to extinction. Hi there, in this blog post I’m going to cover the topic of security and going password-less using FIDO2 security keys. If you would prefer to watch the video version of this, head over to YouTube: https://youtu.be/Kq74imD6KPY
In this blog I will cover setting up Azure AD, Microsoft Intune and registering a hardware security key for a single test user.
Let me start by saying a special thanks to Feitian, who kindly provided me with three of their FIDO2 security keys. I’ll be using one of these, the K26, to demonstrate how it works in a password-less experience.
Before we dive into the detail, we first need to look at some of the background and put some context around this topic. Recent statistics show around 81% of cyberattacks are due to compromised usernames or passwords. So, when we look at the use of passwords, old security approaches in the enterprise simply no longer apply. When we think about it, the only people who like passwords are hackers. We have to create and remember them, which is why help desks get so many calls, and not only are they expensive to manage but they are also easy for hackers to guess.
So the first approach, and one quickly becoming a standard, is to turn on multi-factor authentication, which reduces the risk considerably. We won’t go into setting this up or configuring it here, but take a look at the Microsoft article on how to achieve this: Enable Azure AD Multi-Factor Authentication - Microsoft Entra | Microsoft Docs
It is important to highlight that 2-factor authentication using passwords is not the most convenient and secure method we can use. The diagram below shows a representation of the current guidance on this.