2019-12-20 16:29:18 -05:00


title: Microsoft-compatible security key
description: Learn how a Microsoft-compatible security key for Windows 10 is different (and better) than any other FIDO2 security key.
keywords: FIDO2, security key, CTAP, Hello, WHFB
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
author: mapalko
ms.author: mapalko
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 11/14/2018
ms.reviewer:

What is a Microsoft-compatible security key?

Warning

Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Microsoft has been aligned with the FIDO Alliance with a mission to replace passwords with an easy-to-use, strong 2FA credential. We have been working with our partners to extensively test and deliver a seamless and secure authentication experience to end users. See FIDO2 security keys features and providers.

The FIDO2 CTAP specification contains a few optional features and extensions that are crucial to providing that seamless and secure experience.

A security key MUST implement the following features and extensions from the FIDO2 CTAP protocol to be Microsoft-compatible:

| # | Feature / Extension trust | Why is this required? |
| --- | --- | --- |
| 1 | Resident key | This feature enables the security key to be portable, where your credential is stored on the security key |
| 2 | Client PIN | This feature enables you to protect your credentials with a second factor and applies to security keys that do not have a user interface |
| 3 | hmac-secret | This extension ensures you can sign in to your device when it's offline or in airplane mode |
| 4 | Multiple accounts per RP | This feature ensures you can use the same security key across multiple services like Microsoft Account (MSA) and Azure Active Directory (AAD) |
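A security key advertises the first three requirements in its CTAP2 authenticatorGetInfo response: the `rk` and `clientPin` entries of the options map and `hmac-secret` in the extensions list. The sketch below is an added example, not Microsoft's code: it decodes such a response and reports which of them are present. The function names and the sample bytes are constructed for illustration, and "Multiple accounts per RP" is left out because getInfo has no field for it.

```python
# Added example, not Microsoft's code. SAMPLE_GETINFO is a constructed response.
def decode(buf, i=0):
    """Decode the CBOR subset getInfo uses; return (value, next_index)."""
    if i >= len(buf):
        raise ValueError("truncated CBOR")
    major, val = buf[i] >> 5, buf[i] & 0x1F
    i += 1
    if 24 <= val <= 27:                  # argument follows in 1, 2, 4 or 8 bytes
        n = 1 << (val - 24)
        if i + n > len(buf):
            raise ValueError("truncated CBOR")
        val, i = int.from_bytes(buf[i:i + n], "big"), i + n
    elif val > 27:
        raise ValueError("indefinite-length or reserved CBOR head")
    if major == 0:                       # unsigned integer
        return val, i
    if major in (2, 3):                  # byte string / text string
        if i + val > len(buf):
            raise ValueError("truncated CBOR")
        raw = bytes(buf[i:i + val])
        return (raw.decode("utf-8") if major == 3 else raw), i + val
    if major in (4, 5):                  # array / map (a map is key, value pairs)
        items = []
        for _ in range(val * (2 if major == 5 else 1)):
            item, i = decode(buf, i)
            items.append(item)
        return (dict(zip(items[0::2], items[1::2])) if major == 5 else items), i
    if major == 7 and val in (20, 21):   # simple values false / true
        return val == 21, i
    raise ValueError(f"unsupported CBOR major type {major}")

def check_getinfo(response):
    """Map each advertised requirement from the table to True/False."""
    if not response or response[0] != 0x00:   # byte 0 is the CTAP2 status code
        raise ValueError("authenticator returned an error status")
    info, end = decode(response, 1)
    if not isinstance(info, dict) or end != len(response):
        raise ValueError("malformed getInfo payload")
    options, extensions = info.get(0x04, {}), info.get(0x02, [])
    return {
        "resident key": options.get("rk") is True,
        # clientPin present = PIN capable (true: PIN set, false: not yet set)
        "client PIN": "clientPin" in options,
        "hmac-secret": "hmac-secret" in extensions,
    }

SAMPLE_GETINFO = (b"\x00\xa4\x01\x81\x68FIDO_2_0\x02\x81\x6bhmac-secret"
                  b"\x03\x50" + bytes(16) +
                  b"\x04\xa3\x62rk\xf5\x62up\xf5\x69clientPin\xf4")
```
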