
Journey to Passwordless Sign-in

Webinar
March 5, 2020
Agenda
• The case for strong authentication
• Your journey to Passwordless
• Passwordless journey planning
• Q&A
The case for strong authentication
Everyone hates passwords
Well…almost everyone

• 279% increase in security incidents at enterprises from 2016 to 2017
• 81% of hacking-related breaches leveraged either stolen and/or weak passwords
• 20% of support costs for enterprise IT departments are about forgotten passwords

Data obtained from:
• OTA Cyber incidents Report 2018
• Verizon Cybercrime Case Studies 2017
Enable MFA
• Better than passwords alone
• Has ease-of-use and security challenges

Many users do not like MFA either
• Passwords + 2FA is more secure (100x more secure), but also more complicated and difficult to use.

[Illustration: Passwords + 2FA, with a sample text message reading "John Doe 2FA verification code: 020987"]

[Chart: axes Low Security to High Security and Inconvenient to Convenient; plotted items "Passwords" and "Passwords + standard 2FA"; caption "There has to be a better way"]
Your journey to passwordless
Phases of the journey

Achieve security promise

Achieve end-user promise

1 Deploy password-replacement offerings
2 Reduce user-visible password surface area
3 Transition to passwordless methods
4 Eliminate passwords from identity directory
Passwordless authentication methods
• Windows Hello for Business (GA): 2016
• Phone sign-in (Public Preview): Sep 2018
• FIDO2 Security Keys (Public Preview): July 2019
Windows Hello

Microsoft’s premier passwordless experience for Windows 10
https://aka.ms/whfb

• Available since 2016
• FIDO2 Certified
• 9.3K enterprise deployments with over 1.7M MAD
Windows Hello
Two factor, passwordless authentication for Windows

Ready for Enterprise


Windows Hello is designed for designated PCs

| One to one | Many to many |
|---|---|
| Office workers | Think shared PC workers |
| Biometric & credential tied to PC | Biometric cannot be tied to PC |
| Currently supported by Windows Hello | NOT currently supported by Windows Hello |
Microsoft Authenticator

https://aka.ms/passwordless

• 2018: Available in public preview
• ~50K MAU for passwordless sign-in
• 16M+ users of App
• 50M downloads
FIDO2 security keys

• Jul 2019: Public preview for Azure AD joined devices
• Feb 2020: Public preview for Hybrid Azure AD joined Win10 devices
• 2K+ tenants have enabled feature and registered keys
• Standards-based Passwordless authentication
• WebAuthn and CTAP standards are final
• Supported in Chrome, Edge, Firefox, Safari
• Windows 10 1903 Update
• Testing Mac, Chromebook integration
Passwordless with FIDO2 security keys

USB/NFC Key USB Biometric Key Biometric Wearables

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless#fido2-security-keys
Secure Authentication Flow
A simple, common architecture

• Based on public-key technology
• Private-keys are securely stored on the device
• Requires a local gesture (e.g., biometric, PIN)
• Private-keys are bound to a single device and never shared
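
The flow on this slide can be simulated end to end in Node.js. This is an added example, not material from the webinar: `makeAuthenticator`, `makeServer`, `demo` and the origin value are hypothetical names, and the challenge and origin checks are a simplified form of what WebAuthn specifies.

```javascript
// Added illustration (not from the webinar): simplified WebAuthn-style sign-in.
const crypto = require('node:crypto');

const RP_ORIGIN = 'https://login.example.test'; // constructed relying-party origin

// Authenticator: the private key is created on the device and never leaves this closure.
function makeAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey, // the only key material the server ever receives
    // Signs only after the local gesture (PIN or biometric), modeled as a boolean.
    sign(challenge, origin, gestureOk) {
      if (!gestureOk) return null;
      const clientData = JSON.stringify({ challenge: challenge.toString('hex'), origin });
      return { clientData, signature: crypto.sign('sha256', Buffer.from(clientData), privateKey) };
    },
  };
}

// Relying party: stores the public key and issues a fresh random challenge per sign-in.
function makeServer(publicKey) {
  const pending = new Set();
  return {
    newChallenge() {
      const c = crypto.randomBytes(32);
      pending.add(c.toString('hex'));
      return c;
    },
    verify(assertion) {
      if (!assertion) return false;
      const { challenge, origin } = JSON.parse(assertion.clientData);
      if (origin !== RP_ORIGIN) return false; // signed for a different site
      if (!pending.delete(challenge)) return false; // unknown or already-used challenge
      return crypto.verify('sha256', Buffer.from(assertion.clientData), publicKey, assertion.signature);
    },
  };
}

function demo() {
  const device = makeAuthenticator();
  const server = makeServer(device.publicKey);
  const good = device.sign(server.newChallenge(), RP_ORIGIN, true);
  return {
    ok: server.verify(good),
    replay: server.verify(good),
    noGesture: server.verify(device.sign(server.newChallenge(), RP_ORIGIN, false)),
    otherDevice: server.verify(makeAuthenticator().sign(server.newChallenge(), RP_ORIGIN, true)),
    wrongOrigin: server.verify(device.sign(server.newChallenge(), 'https://other.example.test', true)),
  };
}
```

Only the first assertion verifies; the replayed one, the one without a gesture, the one signed by a different device's key and the one signed for another origin are all rejected.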
Flexible authentication method management
Coming soon
Announced at Ignite 2019

• SMS sign-in for firstline workers
• Replacement for username and password, but not strong auth
Demos
Passwordless journey planning
Passwordless journey planning

| Credentials Management Tasks | Things you can do… today | …in the next three months | …in this calendar year | Looking Beyond |
|---|---|---|---|---|
| Enable MFA | Enroll your users in converged registration | Azure MFA with conditional access to sensitive apps | Add device-based factors like hybrid-join or Intune management | Secure all apps with CA and MFA or Device checks |
| Get to true SSO | Move SaaS apps to Azure AD | Publish Windows Integrated Auth apps with App Proxy | Modernize custom apps to use Azure AD | Sunset your LDAP and WAM apps |
| Deploy Windows Hello for Business | Plan/work to get to Windows 10 version 1703 or greater | Enable an MFA solution for your end users with Azure AD | Roll out WHFB to users, even with only PIN | HW refresh to get more friendly WHFB form factors |
| Enable Passwordless Credentials | Enable Authenticator App sign in for sensitive users; Pilot FIDO2 key | Enable for all users who can use mobile devices. | Plan/work to get to Windows 10 version 1903 or greater | Explore new FIDO2 form factors; Authenticator as FIDO2 |
| Improve Password Management | Roll out Azure AD Password Protection | Change your password policy to our guidelines | Transition to Azure AD SSPR | Stop using passwords |
Planning aspects

Persona

Platform

Apps
Resources

Overview site for business decision makers: http://aka.ms/gopasswordless

Azure AD Deployment Plans: http://aka.ms/deploymentplans

How-To Videos: http://aka.ms/AzureADVideos

For applications / SDKs that want to use WebAuthn: WebAuthn APIs for passwordless authentication on Windows 10
Additional resources
• Azure Active Directory Webinar Community:
https://aka.ms/AADWebinarCommunity

• Product documentation:
https://docs.microsoft.com/azure/active-directory/index

• Deployment Resources:
https://www.microsoft.com/fasttrack/resources

Let us know what you think by taking this 5-minute survey: https://aka.ms/FY20AzureActiveDirectoryWebinarFeedback
Q&A
Thank you.

© Copyright Microsoft Corporation. All rights reserved.
