Professional Documents
Culture Documents
Passwordless Journey Webinar
Passwordless Journey Webinar
Webinar
March 5, 2020
Agenda The case for strong authentication
Q&A
The case for strong authentication
Everyone hates passwords
279%
increase in security incidents at enterprises from
2016 to 2017
81%
of hacking-related breaches leveraged either
stolen and/or weak passwords
+
MESSAGES
lllllll
Passwords 2FA
High Security
There has to be
a better way
Inconvenient
Convenient
Passwords + standard 2FA
Passwords
Low Security
Your journey to passwordless
Phases of the journey
4
3 Eliminate
passwords from
2 Transition to
passwordless
identity directory
1 Reduce user-visible
password surface
methods
Deploy password- area
replacement
offerings
Passwordlessauthentication methods
Windows Hello for Business Phone sign-in FIDO2 Security Keys
(GA) (Public Preview) (Public Preview)
Sep July
2016
2018 2019
Windows Hello
Microsoft’s premier
passwordless experience for
Windows 10
https://aka.ms/whfb
2016 FIDO2
Available since Certified
https://aka.ms/passwordless
16M+users of App
50M downloads
FIDO2 security keys
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless#fido2-security-keys
Secure Authentication Flow
A simple, common architecture
Get to true SSO Move SaaS apps to Publish Windows Modernize custom Sunset your LDAP and
Azure AD Integrated Auth apps apps to use Azure AD WAM apps
with App Proxy
Deploy Windows Hello Plan/work to get to Enable an MFA solution Roll out WHFB to users, HW refresh to get
for Business Windows 10 version for your end users with even with only PIN more friendly WHFB
1703 or greater Azure AD form factors
Enable Passwordless Enable Authenticator Enable for all users Plan/work to get to Explore new FIDO2
Credentials App sign in for who can use mobile Windows 10 version form factors;
sensitive users devices. 1903 or greater Authenticator as FIDO2
Pilot FIDO2 key
Improve Password Roll out Azure AD Change your password Transition to Azure AD Stop using passwords
Management Password Protection policy to our guidelines SSPR
Passwordless journey planning
Credentials Things you can do… …in the next three …in this calendar year Looking Beyond
Management Tasks today months
Enable MFA Enroll your users in Azure MFA with Add device-based Secure all apps with CA
converged registration conditional access to factors like hybrid-join and MFA or Device
sensitive apps or Intune management checks
Passwordless journey planning
Credentials Things you can do… …in the next three …in this calendar year Looking Beyond
Management Tasks today months
Get to true SSO Move SaaS apps to Publish Windows Modernize custom Sunset your LDAP and
Azure AD Integrated Auth apps apps to use Azure AD WAM apps
with App Proxy
Passwordless journey planning
Credentials Things you can do… …in the next three …in this calendar year Looking Beyond
Management Tasks today months
Deploy Windows Hello Plan/work to get to Enable an MFA solution Roll out WHFB to users, HW refresh to get
for Business Windows 10 version for your end users with even with only PIN more friendly WHFB
1703 or greater Azure AD form factors
Passwordless journey planning
Credentials Things you can do… …in the next three …in this calendar year Looking Beyond
Management Tasks today months
Enable Passwordless Enable Authenticator Enable for all users Plan/work to get to Explore new FIDO2
Credentials App sign in for who can use mobile Windows 10 version form factors;
sensitive users devices. 1903 or greater Authenticator as FIDO2
Pilot FIDO2 key
Passwordless journey planning
Credentials Things you can do… …in the next three …in this calendar year Looking Beyond
Management Tasks today months
Improve Password Roll out Azure AD Change your password Transition to Azure AD Stop using passwords
Management Password Protection policy to our guidelines SSPR
Planning aspects
Persona
Platform
Apps
Resources
For applications / SDK’s that want to use WebAuthN: WebAuthn APIs for passwordless
authentication on Windows 10
Additional resources
• Azure Active Directory Webinar Community:
https://aka.ms/AADWebinarCommunity
• Product documentation:
https://docs.microsoft.com/azure/active-directory/index
• Deployment Resources:
https://www.microsoft.com/fasttrack/resources