Merge pull request #7678 from paolomatarazzo/pm-20221219-passwordless

[Passwordless] FIDO and LAPS
This commit is contained in:
Stephanie Savell 2022-12-20 10:58:44 -06:00 committed by GitHub
commit 373fdd2814
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 37 additions and 73 deletions

@ -20284,6 +20284,16 @@
"source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-preview-addendum.md", "source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-preview-addendum.md",
"redirect_url": "/windows/deployment/windows-autopatch/overview/windows-autopatch-overview", "redirect_url": "/windows/deployment/windows-autopatch/overview/windows-autopatch-overview",
"redirect_document_id": true "redirect_document_id": true
},
{
"source_path": "windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md",
"redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/reset-security-key.md",
"redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key",
"redirect_document_id": false
} }
] ]
} }
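Review bot: both new redirects send `microsoft-compatible-security-key.md` and `reset-security-key.md` to the same Azure AD how-to with `redirect_document_id: false`, which is the right setting for a many-to-one redirect, but the reset page's factory-reset warning and per-manufacturer steps (see the deleted file later in this PR) have no obvious home at that target; confirm the Azure AD article actually covers resetting a key, or point the second redirect at a section anchor that does.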

@ -306,10 +306,16 @@
items: items:
- name: Overview - name: Overview
href: identity.md href: identity.md
- name: Windows Hello for Business
href: identity-protection/hello-for-business/index.yml
- name: Windows credential theft mitigation guide - name: Windows credential theft mitigation guide
href: identity-protection/windows-credential-theft-mitigation-guide-abstract.md href: identity-protection/windows-credential-theft-mitigation-guide-abstract.md
- name: Passwordless
items:
- name: Windows Hello for Business
href: identity-protection/hello-for-business/index.yml
- name: FIDO 2 security keys
href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=/windows/security/context/context
- name: Local Administrator Password Solution (LAPS)
href: /windows-server/identity/laps/laps-overview?context=/windows/security/context/context
- name: Enterprise Certificate Pinning - name: Enterprise Certificate Pinning
href: identity-protection/enterprise-certificate-pinning.md href: identity-protection/enterprise-certificate-pinning.md
- name: Credential Guard - name: Credential Guard
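Review bot: LAPS doesn't belong under a node named `Passwordless`: the Local Administrator Password Solution rotates and escrows local administrator passwords rather than removing them, so a reader scanning this TOC for passwordless sign-in options will be misled by `- name: Local Administrator Password Solution (LAPS)`. Consider a sibling node (for example `Credential management`) for that entry, and spell the key entry `FIDO2 security keys` rather than `FIDO 2 security keys` to match the term used elsewhere in this PR (`FIDO2 Security Keys` in webauthn-apis.md).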

@ -10,3 +10,9 @@ items:
- name: Security - name: Security
tocHref: /windows-server/security/credentials-protection-and-management/ tocHref: /windows-server/security/credentials-protection-and-management/
topicHref: /windows/security/ topicHref: /windows/security/
- name: Security
tocHref: /windows-server/identity/laps/
topicHref: /windows/security/
- name: Security
tocHref: /azure/active-directory/authentication/
topicHref: /windows/security/
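Review bot: the two new breadcrumb entries reuse the display name `Security` already used by the existing entry, so the breadcrumb won't tell a reader which TOC they landed in; that follows the file's existing convention, but note that if `tocHref` is prefix-matched, `tocHref: /azure/active-directory/authentication/` covers every article under that path, not only the security-key how-to linked from the TOC, so any Azure AD authentication page opened with the Windows security `context` will pick up this breadcrumb. Narrow it if that is not intended.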

@ -0,0 +1,4 @@
### YamlMime: ContextObject
brand: windows
breadcrumb_path: ../breadcrumb/toc.yml
toc_rel: ../toc.yml
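Review bot: `### YamlMime: ContextObject` has a space after the colon, while the landing page in this same PR uses `### YamlMime:Landing` with none; make the new file match the existing form so the mime header is recognized consistently. The file's own path isn't shown in this hunk, and both `breadcrumb_path: ../breadcrumb/toc.yml` and `toc_rel: ../toc.yml` are relative, so it must sit one directory below `windows/security/` for the `?context=/windows/security/context/context` links added to the TOC to resolve.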

@ -1,26 +0,0 @@
---
title: Microsoft-compatible security key
description: Learn how a Microsoft-compatible security key for Windows is different (and better) than any other FIDO2 security key.
ms.date: 11/14/2018
appliesto:
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
ms.topic: article
---
# What is a Microsoft-compatible security key?
> [!Warning]
> Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Microsoft has been aligned with the [FIDO Alliance](https://fidoalliance.org/) with a mission to replace passwords with an easy to use, strong 2FA credential. We have been working with our partners to extensively test and deliver a seamless and secure authentication experience to end users. See [FIDO2 security keys features and providers](/azure/active-directory/authentication/concept-authentication-passwordless#fido2-security-keys).
The [FIDO2 CTAP specification](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html) contains a few optional features and extensions which are crucial to provide that seamless and secure experience.
A security key **MUST** implement the following features and extensions from the FIDO2 CTAP protocol to be Microsoft-compatible:
| #</br> | Feature / Extension trust</br> | Why is this required? </br> |
| --- | --- | --- |
| 1 | Resident key | This feature enables the security key to be portable, where your credential is stored on the security key |
| 2 | Client pin | This feature enables you to protect your credentials with a second factor and applies to security keys that do not have a user interface|
| 3 | hmac-secret | This extension ensures you can sign-in to your device when it's off-line or in airplane mode |
| 4 | Multiple accounts per RP | This feature ensures you can use the same security key across multiple services like Microsoft Account (MSA) and Azure Active Directory (AAD) |
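Review bot: deleting this page drops the only article in the set that lists the CTAP features a key must implement to be Microsoft-compatible (resident key, client PIN, `hmac-secret`, multiple accounts per RP), and the redirect target is a sign-in how-to rather than a key-vendor requirements page; confirm the Azure AD article, or the `FIDO2 security keys features and providers` section this page linked, still states those requirements, otherwise key vendors lose the reference. Removing the 2018 pre-release warning and the stale `ms.date` is a clear win either way.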

@ -1,30 +0,0 @@
---
title: Reset-security-key
description: Windows 10 and Windows 11 enables users to sign in to their device using a security key. How to reset a security key
ms.date: 11/14/2018
appliesto:
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
ms.topic: article
---
# How to reset a Microsoft-compatible security key?
> [!Warning]
> Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
>[!IMPORTANT]
>This operation will wipe everything from your security key and reset it to factory defaults.</br> **All data and credentials will be cleared.**
A [Microsoft-compatible security key](./microsoft-compatible-security-key.md) can be reset via Settings app (Settings > Accounts > Sign-in options > Security key).
</br>
Follow the instructions in the Settings app and look for specific instructions based on your security key manufacturer below:
|Security key manufacturer</br> | Reset instructions </br> |
| --- | --- |
|Yubico | **USB:** Remove and reinsert the security key. When the LED on the security key begins flashing, touch the metal contact <br> **NFC:** Tap the security key on the reader <br>|
|Feitian | Touch the blinking fingerprint sensor twice to reset the key|
|HID | Tap the card on the reader twice to reset it |
>[!NOTE]
>The steps to reset your security key may vary based on the security key manufacturer.</br>
>If your security key is not listed here, please reach out to your security key manufacturer for reset instructions.
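Review bot: the factory-reset warning (`All data and credentials will be cleared.`) and the Settings path `Settings > Accounts > Sign-in options > Security key` disappear with this file, and the redirect sends old links to a general how-to; check that the target documents the reset flow, or keep a short reset section somewhere under the Windows security TOC. The manufacturer table was clearly stale (dated 11/14/2018 and marked pre-release), so losing it is acceptable, but the wipe warning is safety-relevant and should survive somewhere.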

@ -16,7 +16,7 @@ Starting in **Windows 11, version 22H2**, WebAuthn APIs support ECC algorithms.
## What does this mean? ## What does this mean?
By using WebAuthn APIs, developer partners and the developer community can use [Windows Hello](./index.yml) or [FIDO2 Security Keys](./microsoft-compatible-security-key.md) to implement passwordless multi-factor authentication for their applications on Windows devices. By using WebAuthn APIs, developer partners and the developer community can use [Windows Hello](./index.yml) or [FIDO2 Security Keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) to implement passwordless multi-factor authentication for their applications on Windows devices.
Users of these apps or sites can use any browser that supports WebAuthn APIs for passwordless authentication. Users will have a familiar and consistent experience on Windows, no matter which browser they use. Users of these apps or sites can use any browser that supports WebAuthn APIs for passwordless authentication. Users will have a familiar and consistent experience on Windows, no matter which browser they use.
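Review bot: the updated `FIDO2 Security Keys` link goes to the Azure AD article without the `?context=/windows/security/context/context` suffix that the TOC entry in this PR uses, so readers following it from webauthn-apis.md will leave the Windows security TOC and breadcrumb; add the context parameter for consistency with the TOC, or leave it off deliberately and note why.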

@ -1,21 +1,19 @@
### YamlMime:Landing ### YamlMime:Landing
title: Windows security # < 60 chars title: Windows security
summary: Built with Zero Trust principles at the core to safeguard data and access anywhere, keeping you protected and productive. # < 160 chars summary: Built with Zero Trust principles at the core to safeguard data and access anywhere, keeping you protected and productive.
metadata: metadata:
title: Windows security # Required; page title displayed in search results. Include the brand. < 60 chars. title: Windows security
description: Learn about Windows security # Required; article description that is displayed in search results. < 160 chars. description: Learn about Windows security technologies and how to use them to protect your data and devices.
ms.topic: landing-page ms.topic: landing-page
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-security ms.technology: itpro-security
ms.collection: ms.collection:
- highpri - highpri
ms.custom: intro-hub-or-landing
author: paolomatarazzo author: paolomatarazzo
ms.author: paoloma ms.author: paoloma
ms.date: 09/20/2021 ms.date: 12/19/2022
localization_priority: Priority
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
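Review bot: this hunk drops `ms.custom: intro-hub-or-landing` and `localization_priority: Priority` without any mention in the commit message; if localization scheduling is driven by that key, removing it changes how the landing page is localized, so confirm the removal is intentional. The comment cleanup, the fuller `description`, and the `ms.date` bump are fine.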

@ -33,7 +33,7 @@ ms.date: 12/13/2022
### Not supported with PDE ### Not supported with PDE
- [FIDO/security key authentication](../../identity-protection/hello-for-business/microsoft-compatible-security-key.md) - [FIDO/security key authentication](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)
- [Winlogon automatic restart sign-on (ARSO)](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-) - [Winlogon automatic restart sign-on (ARSO)](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-)
- For information on disabling ARSO via Intune, see [Disable Winlogon automatic restart sign-on (ARSO)](configure-pde-in-intune.md#disable-winlogon-automatic-restart-sign-on-arso)). - For information on disabling ARSO via Intune, see [Disable Winlogon automatic restart sign-on (ARSO)](configure-pde-in-intune.md#disable-winlogon-automatic-restart-sign-on-arso)).
- [Windows Information Protection (WIP)](../windows-information-protection/protect-enterprise-data-using-wip.md) - [Windows Information Protection (WIP)](../windows-information-protection/protect-enterprise-data-using-wip.md)
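Review bot: while the FIDO link on the first line is being touched, the unchanged ARSO sub-bullet two lines below ends with a stray `))` in `...#disable-winlogon-automatic-restart-sign-on-arso)).`; one closing parenthesis too many will render literally, so drop it in the same pass. The link change itself is fine and matches the redirect added in this PR.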

@ -3,7 +3,6 @@ title: Windows security foundations
description: Get an overview of security foundations, including the security development lifecycle, common criteria, and the bug bounty program. description: Get an overview of security foundations, including the security development lifecycle, common criteria, and the bug bounty program.
ms.reviewer: ms.reviewer:
ms.topic: article ms.topic: article
manager: aaroncz
ms.author: paoloma ms.author: paoloma
author: paolomatarazzo author: paolomatarazzo
ms.prod: windows-client ms.prod: windows-client
@ -15,9 +14,9 @@ ms.date: 12/31/2017
Microsoft is committed to continuously invest in improving our software development process, building highly secure-by-design software, and addressing security compliance requirements. At Microsoft, we embed security and privacy considerations from the earliest life-cycle phases of all our software development processes. We build in security from the ground for powerful defense in todays threat environment. Microsoft is committed to continuously invest in improving our software development process, building highly secure-by-design software, and addressing security compliance requirements. At Microsoft, we embed security and privacy considerations from the earliest life-cycle phases of all our software development processes. We build in security from the ground for powerful defense in todays threat environment.
Our strong security foundation uses Microsoft Security Development Lifecycle (SDL) Bug Bounty, support for product security standards and certifications, and Azure Code signing. As a result, we improve security by producing software with fewer defects and vulnerabilities instead of relying on applying updates after vulnerabilities have been identified. Our strong security foundation uses Microsoft Security Development Lifecycle (SDL) Bug Bounty, support for product security standards and certifications, and Azure Code signing. As a result, we improve security by producing software with fewer defects and vulnerabilities instead of relying on applying updates after vulnerabilities have been identified.
Use the links in the following table to learn more about the security foundations:<br/><br/> Use the links in the following table to learn more about the security foundations:
| Concept | Description | | Concept | Description |
|:---|:---| |:---|:---|
@ -25,6 +24,3 @@ Use the links in the following table to learn more about the security foundation
| Common Criteria Certifications | Microsoft supports the Common Criteria certification program, ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles, and completes Common Criteria certifications of Microsoft Windows products. <br/><br/>Learn more about [Common Criteria Certifications](threat-protection/windows-platform-common-criteria.md). | | Common Criteria Certifications | Microsoft supports the Common Criteria certification program, ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles, and completes Common Criteria certifications of Microsoft Windows products. <br/><br/>Learn more about [Common Criteria Certifications](threat-protection/windows-platform-common-criteria.md). |
| Microsoft Security Development Lifecycle | The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. The SDL has played a critical role in embedding security and privacy in software and culture at Microsoft.<br/><br/>Learn more about [Microsoft SDL](threat-protection/msft-security-dev-lifecycle.md).| | Microsoft Security Development Lifecycle | The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. The SDL has played a critical role in embedding security and privacy in software and culture at Microsoft.<br/><br/>Learn more about [Microsoft SDL](threat-protection/msft-security-dev-lifecycle.md).|
| Microsoft Bug Bounty Program | If you find a vulnerability in a Microsoft product, service, or device, we want to hear from you! If your vulnerability report affects a product or service that is within scope of one of our bounty programs below, you could receive a bounty award according to the program descriptions.<br/><br/>Learn more about the [Microsoft Bug Bounty Program](https://www.microsoft.com/en-us/msrc/bounty?rtc=1). | | Microsoft Bug Bounty Program | If you find a vulnerability in a Microsoft product, service, or device, we want to hear from you! If your vulnerability report affects a product or service that is within scope of one of our bounty programs below, you could receive a bounty award according to the program descriptions.<br/><br/>Learn more about the [Microsoft Bug Bounty Program](https://www.microsoft.com/en-us/msrc/bounty?rtc=1). |
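Review bot: the change only removes `manager: aaroncz` and a `<br/><br/>`, but the context lines carry errors worth fixing in the same pass: `todays` needs an apostrophe (`today's`), `from the ground for powerful defense` reads as `from the ground up`, and `Microsoft Security Development Lifecycle (SDL) Bug Bounty, support for ...` is missing a separator between SDL and Bug Bounty. The `ms.date: 12/31/2017` in the hunk header is also left untouched on a page being edited; bump it if the team's convention is to date every touched page.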