From cf9de3c509903168ee2fdabb50800ac6cfd037ac Mon Sep 17 00:00:00 2001 From: Aabha Thipsay Date: Tue, 9 Oct 2018 10:43:10 -0700 Subject: [PATCH 01/14] sample page --- .../hello-for-business/FIDOTest.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 windows/security/identity-protection/hello-for-business/FIDOTest.md diff --git a/windows/security/identity-protection/hello-for-business/FIDOTest.md b/windows/security/identity-protection/hello-for-business/FIDOTest.md new file mode 100644 index 0000000000..769d4859f3 --- /dev/null +++ b/windows/security/identity-protection/hello-for-business/FIDOTest.md @@ -0,0 +1,15 @@ +--- +title: Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments +description: Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments +keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security, mobile +author: mikestephens-MS +ms.author: mstephen +ms.localizationpriority: medium +ms.date: 08/20/2018 +--- +# Test Page for FIDO +I was there hello From 91ad3f0f1f64d2ee01d9ca6fb9e5df524c98ea89 Mon Sep 17 00:00:00 2001 From: Aabha Thipsay Date: Thu, 25 Oct 2018 15:30:11 -0700 Subject: [PATCH 02/14] First draft Microsoft compatible security keys --- .../hello-for-business/FIDOTest.md | 15 ----------- .../microsoft-compatible-security-key.md | 27 +++++++++++++++++++ 2 files changed, 27 insertions(+), 15 deletions(-) delete mode 100644 windows/security/identity-protection/hello-for-business/FIDOTest.md create mode 100644 windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md diff --git a/windows/security/identity-protection/hello-for-business/FIDOTest.md b/windows/security/identity-protection/hello-for-business/FIDOTest.md deleted file mode 100644 index 769d4859f3..0000000000 
--- a/windows/security/identity-protection/hello-for-business/FIDOTest.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -title: Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments -description: Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments -keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security, mobile -author: mikestephens-MS -ms.author: mstephen -ms.localizationpriority: medium -ms.date: 08/20/2018 ---- -# Test Page for FIDO -I was there hello diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md new file mode 100644 index 0000000000..e71013ebe8 --- /dev/null +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md 
@@ -0,0 +1,27 @@ +--- +title: Microsoft compatible security key +description: Windows 10 enables users to sign in to their device using a security key. How is a microsoft compatible security key different (and better) than any other FIDO2 security key +keywords: FIDO2, security key, CTAP, Hello, WHFB +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security, mobile +author: aabhathipsay-MS +ms.author: aathipsa +ms.localizationpriority: medium +ms.date: 10/25/2018 +--- +# What is a Microsoft compatible security key? +Microsoft has been aligned with the [FIDO Alliance](https://fidoalliance.org/) from the start with a mission to replace passwords with an easy to use, strong credential. We have been working with our partners to extensively test and deliver a seamless and secure authentication experience to end users. + +The FIDO2 CTAP specification contains a few optional features and extensions which are crucial to provide that seamless and secure experience. + +A security key **must** implement the following features and extensions from the FIDO2 CTAP protocol to be Microsoft compatible: + +| #
| Feature / Extension trust
| Why is this required?
| Relevant Section in FIDO2 CTAP specification
| +| --- | --- | --- | --- | +| 1 | Resident key | This feature enables the security key to be portable, where your credential is stored on the security key | Section XXX | +| 2 | Client pin | This feature enables security keys to protect your credentials with a second factor like PIN
We recommend strong multi-factor credentials for authentication to all Microsoft services| Section XXX | +| 3 | hmac-secret | This extension ensures you can sign-in to your device when it’s off-line or in airplane mode | Section XXX | +| 4 | Multiple accounts per RP | This feature ensures you can use the same security key across multiple services like MSA and AAD | Section XXX | + From 8b5e4e64b8058f9d363c3cda9c2ef1b73177cffa Mon Sep 17 00:00:00 2001 From: Aabha Thipsay Date: Tue, 30 Oct 2018 14:47:13 -0700 Subject: [PATCH 03/14] fix formatting --- .../hello-for-business/microsoft-compatible-security-key.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index e71013ebe8..d91af39e14 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -22,6 +22,6 @@ A security key **must** implement the following features and extensions from the | --- | --- | --- | --- | | 1 | Resident key | This feature enables the security key to be portable, where your credential is stored on the security key | Section XXX | | 2 | Client pin | This feature enables security keys to protect your credentials with a second factor like PIN
We recommend strong multi-factor credentials for authentication to all Microsoft services| Section XXX | -| 3 | hmac-secret | This extension ensures you can sign-in to your device when it’s off-line or in airplane mode | Section XXX | +| 3 | hmac-secret | This extension ensures you can sign-in to your device when it's off-line or in airplane mode | Section XXX | | 4 | Multiple accounts per RP | This feature ensures you can use the same security key across multiple services like MSA and AAD | Section XXX | From b354ec0adbb7763544fd6c70c2a18731344dc275 Mon Sep 17 00:00:00 2001 From: Aabha Thipsay Date: Tue, 30 Oct 2018 16:05:02 -0700 Subject: [PATCH 04/14] Added link to CTAP spec --- .../microsoft-compatible-security-key.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index d91af39e14..1d3573bda0 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md 
@@ -14,14 +14,14 @@ ms.date: 10/25/2018 # What is a Microsoft compatible security key? Microsoft has been aligned with the [FIDO Alliance](https://fidoalliance.org/) from the start with a mission to replace passwords with an easy to use, strong credential. We have been working with our partners to extensively test and deliver a seamless and secure authentication experience to end users. -The FIDO2 CTAP specification contains a few optional features and extensions which are crucial to provide that seamless and secure experience. +The [FIDO2 CTAP specification](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html) contains a few optional features and extensions which are crucial to provide that seamless and secure experience. A security key **must** implement the following features and extensions from the FIDO2 CTAP protocol to be Microsoft compatible: -| #
| Feature / Extension trust
| Why is this required?
| Relevant Section in FIDO2 CTAP specification
| -| --- | --- | --- | --- | -| 1 | Resident key | This feature enables the security key to be portable, where your credential is stored on the security key | Section XXX | -| 2 | Client pin | This feature enables security keys to protect your credentials with a second factor like PIN
We recommend strong multi-factor credentials for authentication to all Microsoft services| Section XXX | -| 3 | hmac-secret | This extension ensures you can sign-in to your device when it's off-line or in airplane mode | Section XXX | -| 4 | Multiple accounts per RP | This feature ensures you can use the same security key across multiple services like MSA and AAD | Section XXX | +| #
| Feature / Extension trust
| Why is this required?
| +| --- | --- | --- | +| 1 | Resident key | This feature enables the security key to be portable, where your credential is stored on the security key | +| 2 | Client pin | This feature enables security keys to protect your credentials with a second factor like PIN
We recommend strong multi-factor credentials for authentication to all Microsoft services| +| 3 | hmac-secret | This extension ensures you can sign-in to your device when it's off-line or in airplane mode | +| 4 | Multiple accounts per RP | This feature ensures you can use the same security key across multiple services like MSA and AAD | From 3587619a01ccef6ff76c55d490ef8e2f4aa3e493 Mon Sep 17 00:00:00 2001 From: Aabha Thipsay Date: Mon, 5 Nov 2018 11:32:10 -0800 Subject: [PATCH 05/14] Minor updates --- .../microsoft-compatible-security-key.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index 1d3573bda0..cc059702b7 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md 
@@ -12,16 +12,16 @@ ms.localizationpriority: medium ms.date: 10/25/2018 --- # What is a Microsoft compatible security key? -Microsoft has been aligned with the [FIDO Alliance](https://fidoalliance.org/) from the start with a mission to replace passwords with an easy to use, strong credential. We have been working with our partners to extensively test and deliver a seamless and secure authentication experience to end users. +Microsoft has been aligned with the [FIDO Alliance](https://fidoalliance.org/) with a mission to replace passwords with an easy to use, strong 2FA credential. We have been working with our partners to extensively test and deliver a seamless and secure authentication experience to end users. The [FIDO2 CTAP specification](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html) contains a few optional features and extensions which are crucial to provide that seamless and secure experience. -A security key **must** implement the following features and extensions from the FIDO2 CTAP protocol to be Microsoft compatible: +A security key **MUST** implement the following features and extensions from the FIDO2 CTAP protocol to be Microsoft compatible: | #
| Feature / Extension trust
| Why is this required?
| | --- | --- | --- | | 1 | Resident key | This feature enables the security key to be portable, where your credential is stored on the security key | -| 2 | Client pin | This feature enables security keys to protect your credentials with a second factor like PIN
We recommend strong multi-factor credentials for authentication to all Microsoft services| +| 2 | Client pin | This feature enables you to protect your credentials with a second factor and applies to security keys that do not have an user interface| | 3 | hmac-secret | This extension ensures you can sign-in to your device when it's off-line or in airplane mode | -| 4 | Multiple accounts per RP | This feature ensures you can use the same security key across multiple services like MSA and AAD | +| 4 | Multiple accounts per RP | This feature ensures you can use the same security key across multiple services like Microsoft Account (MSA) and Azure Active Directory (AAD) | From 1d9948df07f761d91076828d90612dbf7d732582 Mon Sep 17 00:00:00 2001 From: Aabha Thipsay Date: Wed, 7 Nov 2018 14:23:45 -0800 Subject: [PATCH 06/14] minor edits --- .../microsoft-compatible-security-key.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index cc059702b7..fb9afb773b 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md 
@@ -1,22 +1,26 @@ --- -title: Microsoft compatible security key -description: Windows 10 enables users to sign in to their device using a security key. How is a microsoft compatible security key different (and better) than any other FIDO2 security key +title: Microsoft-compatible security key +description: Windows 10 enables users to sign in to their device using a security key. How is a Microsoft-compatible security key different (and better) than any other FIDO2 security key keywords: FIDO2, security key, CTAP, Hello, WHFB ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile -author: aabhathipsay-MS +author: aabhathipsay ms.author: aathipsa ms.localizationpriority: medium -ms.date: 10/25/2018 +ms.date: 11/14/2018 --- -# What is a Microsoft compatible security key? +# What is a Microsoft-compatible security key? +> [!Warning] +> Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + + Microsoft has been aligned with the [FIDO Alliance](https://fidoalliance.org/) with a mission to replace passwords with an easy to use, strong 2FA credential. We have been working with our partners to extensively test and deliver a seamless and secure authentication experience to end users. The [FIDO2 CTAP specification](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html) contains a few optional features and extensions which are crucial to provide that seamless and secure experience. -A security key **MUST** implement the following features and extensions from the FIDO2 CTAP protocol to be Microsoft compatible: +A security key **MUST** implement the following features and extensions from the FIDO2 CTAP protocol to be Microsoft-compatible: | #
| Feature / Extension trust
| Why is this required?
| | --- | --- | --- | From 58d0f0680e8b6f10b66564a89eef7373ce4ec7df Mon Sep 17 00:00:00 2001 From: Aabha Thipsay Date: Wed, 14 Nov 2018 18:27:04 -0800 Subject: [PATCH 07/14] Draft page for reset a security key --- .../hello-for-business/reset-security-key.md | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 windows/security/identity-protection/hello-for-business/reset-security-key.md diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md new file mode 100644 index 0000000000..000898161c --- /dev/null +++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md @@ -0,0 +1,31 @@ +--- +title: Reset-security-key +description: Windows 10 enables users to sign in to their device using a security key. How to reset a security key +keywords: FIDO2, security key, CTAP, Microsoft-compatible security key +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security, mobile +author: aabhathipsay +ms.author: aathipsa +ms.localizationpriority: medium +ms.date: 11/14/2018 +--- +# How to reset a Microsoft-compatible security key? +> [!Warning] +> Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +The steps to reset your security key may vary based on the security key vendor. + +>[!IMPORTANT] +>
This operation will wipe everything from your security key and reset it to factory defaults. +>
All data and credentials will be cleared. +> + +| #
| Security key vendor
| Reset instructions
| +| --- | --- | --- | +| 1 | Yubico | Remove and re-insert the security key
- If you are using a NFC key, tap the security key on the reader
When the LED on the security key begins flashing, touch the metal contact | +| 2 | Feitian | Touch the blinking fingerprint sensor twice to reset the key| +| 3 | HID | Tap the card on the reader twice to reset it | + +**If your security key is not listed here, please reach out to your vendor for reset instructions.** \ No newline at end of file From fff6db43cfec9fe14dd5e3a8b48b66c66db14ee7 Mon Sep 17 00:00:00 2001 From: Aabha Thipsay Date: Tue, 22 Jan 2019 14:56:56 -0800 Subject: [PATCH 08/14] Minor changes --- .../hello-for-business/reset-security-key.md | 22 +++++++++++-------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md index 000898161c..2a7a25acc9 100644 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md @@ -15,17 +15,21 @@ ms.date: 11/14/2018 > [!Warning] > Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -The steps to reset your security key may vary based on the security key vendor. +A [Microsoft-compatible security key](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key) can be reset via Settings app ( Settings > Accounts > Sign-in options > Security key ) + +>[!NOTE] +>The steps to reset your security key may vary based on the security key vendor.
+>If your security key is not listed here, please reach out to your vendor for reset instructions. + + >[!IMPORTANT] ->
This operation will wipe everything from your security key and reset it to factory defaults. ->
All data and credentials will be cleared. +>This operation will wipe everything from your security key and reset it to factory defaults.
All data and credentials will be cleared. > -| #
| Security key vendor
| Reset instructions
| -| --- | --- | --- | -| 1 | Yubico | Remove and re-insert the security key
- If you are using a NFC key, tap the security key on the reader
When the LED on the security key begins flashing, touch the metal contact | -| 2 | Feitian | Touch the blinking fingerprint sensor twice to reset the key| -| 3 | HID | Tap the card on the reader twice to reset it | +|Security key vendor
| Reset instructions
| +| --- | --- | +|Yubico | **USB:** Remove and re-insert the security key. When the LED on the security key begins flashing, touch the metal contact
**NFC:** Tap the security key on the reader
| +|Feitian | Touch the blinking fingerprint sensor twice to reset the key| +|HID | Tap the card on the reader twice to reset it | -**If your security key is not listed here, please reach out to your vendor for reset instructions.** \ No newline at end of file From f1ce0c8d6cfc20edb94de1e88c992118fdaf10ca Mon Sep 17 00:00:00 2001 From: Aabha Thipsay Date: Tue, 22 Jan 2019 15:51:29 -0800 Subject: [PATCH 09/14] Minor edits --- .../hello-for-business/reset-security-key.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md index 2a7a25acc9..bcefcbf9bb 100644 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md @@ -15,11 +15,10 @@ ms.date: 11/14/2018 > [!Warning] > Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -A [Microsoft-compatible security key](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key) can be reset via Settings app ( Settings > Accounts > Sign-in options > Security key ) +A [Microsoft-compatible security key](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key) can be reset via Settings app ( Settings > Accounts > Sign-in options > Security key ). +
->[!NOTE] ->The steps to reset your security key may vary based on the security key vendor.
->If your security key is not listed here, please reach out to your vendor for reset instructions. +Follow the instructions in the Settings app and look for specific instructions based on your security key below: @@ -33,3 +32,6 @@ A [Microsoft-compatible security key](https://docs.microsoft.com/en-us/windows/s |Feitian | Touch the blinking fingerprint sensor twice to reset the key| |HID | Tap the card on the reader twice to reset it | +>[!NOTE] +>The steps to reset your security key may vary based on the security key vendor.
+>If your security key is not listed here, please reach out to your vendor for reset instructions. \ No newline at end of file From 3174e4918e57b4ef7229e46c2e0c2d67612b1594 Mon Sep 17 00:00:00 2001 From: Aabha Thipsay Date: Tue, 22 Jan 2019 16:14:55 -0800 Subject: [PATCH 10/14] Repositioned text --- .../hello-for-business/reset-security-key.md | 22 +++++++++---------- 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md index bcefcbf9bb..43aca85f75 100644 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md @@ -15,23 +15,21 @@ ms.date: 11/14/2018 > [!Warning] > Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -A [Microsoft-compatible security key](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key) can be reset via Settings app ( Settings > Accounts > Sign-in options > Security key ). -
- -Follow the instructions in the Settings app and look for specific instructions based on your security key below: - - - >[!IMPORTANT] ->This operation will wipe everything from your security key and reset it to factory defaults.
All data and credentials will be cleared. -> +>This operation will wipe everything from your security key and reset it to factory defaults.
**All data and credentials will be cleared.** -|Security key vendor
| Reset instructions
| + +A [Microsoft-compatible security key](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key) can be reset via Settings app ( Settings > Accounts > Sign-in options > Security key ). +
+Follow the instructions in the Settings app and look for specific instructions based on your security key manufacturer below: + + +|Security key manufacturer
| Reset instructions
| | --- | --- | |Yubico | **USB:** Remove and re-insert the security key. When the LED on the security key begins flashing, touch the metal contact
**NFC:** Tap the security key on the reader
| |Feitian | Touch the blinking fingerprint sensor twice to reset the key| |HID | Tap the card on the reader twice to reset it | >[!NOTE] ->The steps to reset your security key may vary based on the security key vendor.
->If your security key is not listed here, please reach out to your vendor for reset instructions. \ No newline at end of file +>The steps to reset your security key may vary based on the security key manufacturer.
+>If your security key is not listed here, please reach out to your security key manufacturer for reset instructions. \ No newline at end of file From ff537157400545735219330683b7820645949ee3 Mon Sep 17 00:00:00 2001 From: Aabha Thipsay Date: Thu, 14 Feb 2019 15:24:59 -0800 Subject: [PATCH 11/14] Adding Webauthn API page --- .../hello-for-business/WebAuthnAPIs.md | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md diff --git a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md new file mode 100644 index 0000000000..244894fa66 --- /dev/null +++ b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md 
@@ -0,0 +1,33 @@ +--- +title: WebAuthn APIs +description: Enabling password-less authentication for your sites and apps +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security, mobile +author: aabhathipsay +ms.author: aathipsa +ms.localizationpriority: medium +ms.date: 02/14/2019 +--- +# WebAuthn APIs for password-less authentication + +[!Warning] +> Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +### Passwords leave your customers vulnerable. With the new WebAuthn APIs, your sites and apps can leverage password-less authentication. + +Microsoft has long been a proponent to do away with passwords. Today we’re excited to introduce you to the latest Windows 10 (version 1903) W3C/FIDO2 WebAuthn APIs! These APIs allow Microsoft developer partners and the developer community to leverage Windows Hello and FIDO2 security keys as a password-less authentication mechanism on Windows 10 devices. + +#### What does this mean? +This opens opportunities for website developers or relying parties (RPs), who are dependent on the availability of authenticators and browsers to build password-less authentication for their sites. They can now leverage [Windows Hello](https://aka.ms/whfb) or [FIDO2 Security Keys](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key) as a password-less multi-factor credential for authentication to their web sites. +Users of these sites can use any browser that supports WebAuthn Windows 10 APIs for password-less authentication and will have a familiar and consistent experience on Windows 10, no matter which browser they use to get to the RPs site! +

+The native Windows 10 WebAuthn APIs are currently supported by Microsoft Edge on Windows 10 1809 or later and newer versions of other browsers. +

+Developers of FIDO2 authentication keys should use the new Windows 10 APIs, to enable these scenarios in a consistent way for users. Moreover, this enables the use off all the transports available per FIDO2 specifications – USB, NFC and BLE without having to deal with the interaction and management overhead. This also implies browsers or apps on Windows 10 will no longer have direct access to USB for FIDO related messaging. + +#### Where can developers learn more? +The new Windows 10 APIs are documented on [GitHub](https://github.com/Microsoft/webauthn) + + From 26600aaf077a754f47805e62d1bad9fc070f6712 Mon Sep 17 00:00:00 2001 From: Aabha Thipsay Date: Thu, 14 Feb 2019 16:02:52 -0800 Subject: [PATCH 12/14] Minor formatting edits --- .../hello-for-business/WebAuthnAPIs.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md index 244894fa66..4e38fac566 100644 --- a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md +++ b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md 
@@ -10,22 +10,21 @@ ms.author: aathipsa ms.localizationpriority: medium ms.date: 02/14/2019 --- -# WebAuthn APIs for password-less authentication +# WebAuthn APIs for password-less authentication on Windows 10 -[!Warning] -> Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. ### Passwords leave your customers vulnerable. With the new WebAuthn APIs, your sites and apps can leverage password-less authentication. -Microsoft has long been a proponent to do away with passwords. Today we’re excited to introduce you to the latest Windows 10 (version 1903) W3C/FIDO2 WebAuthn APIs! These APIs allow Microsoft developer partners and the developer community to leverage Windows Hello and FIDO2 security keys as a password-less authentication mechanism on Windows 10 devices. +Microsoft has long been a proponent to do away with passwords. Today we're excited to introduce you to the latest Windows 10 (version 1903) W3C/FIDO2 WebAuthn APIs! These APIs allow Microsoft developer partners and the developer community to leverage Windows Hello and FIDO2 security keys as a password-less authentication mechanism on Windows 10 devices. #### What does this mean? This opens opportunities for website developers or relying parties (RPs), who are dependent on the availability of authenticators and browsers to build password-less authentication for their sites. They can now leverage [Windows Hello](https://aka.ms/whfb) or [FIDO2 Security Keys](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key) as a password-less multi-factor credential for authentication to their web sites. +
Users of these sites can use any browser that supports WebAuthn Windows 10 APIs for password-less authentication and will have a familiar and consistent experience on Windows 10, no matter which browser they use to get to the RPs site!

The native Windows 10 WebAuthn APIs are currently supported by Microsoft Edge on Windows 10 1809 or later and newer versions of other browsers.

-Developers of FIDO2 authentication keys should use the new Windows 10 APIs, to enable these scenarios in a consistent way for users. Moreover, this enables the use off all the transports available per FIDO2 specifications – USB, NFC and BLE without having to deal with the interaction and management overhead. This also implies browsers or apps on Windows 10 will no longer have direct access to USB for FIDO related messaging. +Developers of FIDO2 authentication keys should use the new Windows 10 APIs, to enable these scenarios in a consistent way for users. Moreover, this enables the use off all the transports available per FIDO2 specifications - USB, NFC and BLE without having to deal with the interaction and management overhead. This also implies browsers or apps on Windows 10 will no longer have direct access to USB for FIDO related messaging. #### Where can developers learn more? The new Windows 10 APIs are documented on [GitHub](https://github.com/Microsoft/webauthn) From 99aae4d19d88452b193016b7021a88182713a255 Mon Sep 17 00:00:00 2001 From: Aabha Thipsay Date: Fri, 15 Feb 2019 16:56:11 -0800 Subject: [PATCH 13/14] minor edits --- .../hello-for-business/WebAuthnAPIs.md | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md index 4e38fac566..d43f98328c 100644 --- a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md +++ b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md 
@@ -15,16 +15,26 @@ ms.date: 02/14/2019 ### Passwords leave your customers vulnerable. With the new WebAuthn APIs, your sites and apps can leverage password-less authentication. -Microsoft has long been a proponent to do away with passwords. Today we're excited to introduce you to the latest Windows 10 (version 1903) W3C/FIDO2 WebAuthn APIs! These APIs allow Microsoft developer partners and the developer community to leverage Windows Hello and FIDO2 security keys as a password-less authentication mechanism on Windows 10 devices. +Microsoft has long been a proponent to do away with passwords. +Today we're excited to introduce you to the latest Windows 10 (version 1903) W3C/FIDO2 Win32 WebAuthn platform APIs! +These APIs allow Microsoft developer partners and the developer community to leverage Windows Hello and FIDO2 security keys +as a password-less authentication mechanism for their applications on Windows 10 devices. #### What does this mean? -This opens opportunities for website developers or relying parties (RPs), who are dependent on the availability of authenticators and browsers to build password-less authentication for their sites. They can now leverage [Windows Hello](https://aka.ms/whfb) or [FIDO2 Security Keys](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key) as a password-less multi-factor credential for authentication to their web sites. +This opens opportunities for developers or relying parties (RPs) to enable password-less authentication. +They can now leverage [Windows Hello](https://aka.ms/whfb) or [FIDO2 Security Keys](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key) +as a password-less multi-factor credential for authentication.
-Users of these sites can use any browser that supports WebAuthn Windows 10 APIs for password-less authentication and will have a familiar and consistent experience on Windows 10, no matter which browser they use to get to the RPs site! +Users of these sites can use any browser that supports WebAuthn Windows 10 APIs for password-less authentication + and will have a familiar and consistent experience on Windows 10, no matter which browser they use to get to the RPs site!

-The native Windows 10 WebAuthn APIs are currently supported by Microsoft Edge on Windows 10 1809 or later and newer versions of other browsers. +The native Windows 10 WebAuthn APIs are currently supported by Microsoft Edge on Windows 10 1809 or later + and latest versions of other browsers.

-Developers of FIDO2 authentication keys should use the new Windows 10 APIs, to enable these scenarios in a consistent way for users. Moreover, this enables the use off all the transports available per FIDO2 specifications - USB, NFC and BLE without having to deal with the interaction and management overhead. This also implies browsers or apps on Windows 10 will no longer have direct access to USB for FIDO related messaging. +Developers of FIDO2 authentication keys should use the new Windows 10 APIs, to enable these scenarios in a consistent way for users. + Moreover, this enables the use off all the transports available per FIDO2 specifications - USB, NFC and BLE + without having to deal with the interaction and management overhead. +This also implies browsers or apps on Windows 10 will no longer have direct access to above transports for FIDO related messaging. #### Where can developers learn more? The new Windows 10 APIs are documented on [GitHub](https://github.com/Microsoft/webauthn) From dd444d0ee46a2ca5a61e5aaa2bcb55e4cd0323da Mon Sep 17 00:00:00 2001 From: Aabha Thipsay Date: Fri, 15 Feb 2019 23:08:41 -0800 Subject: [PATCH 14/14] Updates to address Dani's review comments --- .../hello-for-business/WebAuthnAPIs.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md index d43f98328c..94caf55f34 100644 --- a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md +++ b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md @@ -8,7 +8,7 @@ ms.pagetype: security, mobile author: aabhathipsay ms.author: aathipsa ms.localizationpriority: medium -ms.date: 02/14/2019 +ms.date: 02/15/2019 --- # WebAuthn APIs for password-less authentication on Windows 10 
@@ -16,13 +16,13 @@ ms.date: 02/14/2019 ### Passwords leave your customers vulnerable. With the new WebAuthn APIs, your sites and apps can leverage password-less authentication. Microsoft has long been a proponent to do away with passwords. -Today we're excited to introduce you to the latest Windows 10 (version 1903) W3C/FIDO2 Win32 WebAuthn platform APIs! +While working towards that goal, we'd like to introduce you to the latest Windows 10 (version 1903) W3C/FIDO2 Win32 WebAuthn platform APIs! These APIs allow Microsoft developer partners and the developer community to leverage Windows Hello and FIDO2 security keys as a password-less authentication mechanism for their applications on Windows 10 devices. #### What does this mean? This opens opportunities for developers or relying parties (RPs) to enable password-less authentication. -They can now leverage [Windows Hello](https://aka.ms/whfb) or [FIDO2 Security Keys](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key) +They can now leverage [Windows Hello](https://aka.ms/whfb) or [FIDO2 Security Keys](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key) as a password-less multi-factor credential for authentication.
Users of these sites can use any browser that supports WebAuthn Windows 10 APIs for password-less authentication @@ -32,7 +32,7 @@ The native Windows 10 WebAuthn APIs are currently supported by Microsoft Edge on and latest versions of other browsers.

Developers of FIDO2 authentication keys should use the new Windows 10 APIs, to enable these scenarios in a consistent way for users. - Moreover, this enables the use off all the transports available per FIDO2 specifications - USB, NFC and BLE + Moreover, this enables the use of all the transports available per FIDO2 specifications - USB, NFC and BLE without having to deal with the interaction and management overhead. This also implies browsers or apps on Windows 10 will no longer have direct access to above transports for FIDO related messaging.
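Review bot: In PATCH 13/14, the hunk at @@ -15,16 +15,26 @@ of WebAuthnAPIs.md leaves two Windows 10 versions on the page without relating them. The intro introduces the "latest Windows 10 (version 1903)" Win32 WebAuthn platform APIs, while the support paragraph says they are "supported by Microsoft Edge on Windows 10 1809 or later", so a reader cannot tell which build is the minimum for an application that calls the APIs directly. Please state the minimum version for each case in one sentence. In the same hunk, "latest versions of other browsers" cannot be checked by a reader; name the browsers and their minimum versions, or link to a list that does.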
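Review bot: In PATCH 14/14, the hunk at @@ -16,13 +16,13 @@ rewords the second sentence of the intro but keeps the ungrammatical context line before it, "Microsoft has long been a proponent to do away with passwords." Suggest "Microsoft has long been a proponent of doing away with passwords." so that the new "While working towards that goal" has a clear antecedent. The context line "no matter which browser they use to get to the RPs site!" in the same hunk also needs the possessive ("the RP's site"). Dropping the "en-us" locale segment from the docs.microsoft.com link is a good change.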
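Review bot: In PATCH 14/14, the hunk at @@ -32,7 +32,7 @@ fixes "off" to "of" but leaves the one sentence that describes a behaviour change hard to act on: "This also implies browsers or apps on Windows 10 will no longer have direct access to above transports for FIDO related messaging." This is the line an application developer who currently talks to a security key over USB, NFC or BLE needs to notice, so state it as a fact rather than an implication, fix "to above transports" to "to the above transports" and "FIDO related" to "FIDO-related", and say what such an application should call instead. The changed line " Moreover, this enables the use of all the transports ..." and the continuation lines around it also still begin with a stray leading space; please remove it so the wrapped paragraph is consistent.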