A look at FIDO Authentication within Microsoft's Azure and Active Directory. Passwordless authentication for enterprise is now easy and accessible.

2. John Doe
lllllll

3. 20%
of support calls for enterprises are
about forgotten passwords
540K
forgotten
passwords
For Microsoft account, on a yearly basis
$5M+
spent on forgotten
passwords
John Doe
lllllll

4. John Doe
lllllll
2FAPasswords
2FA verification
code: 020987
MESSAGES
+
Passwords + 2FA is more secure, but also
more complicated and difficult to use.

5. While passwords are bad in some ways….
Human generated symmetric secrets

6. Easy to provision
Portable
Compatible
Expensive
Inconvenient
Insecure
Human generated symmetric secrets
…Passwords are great in other ways

7. High Security
Low Security
ConvenientInconvenient
Passwords
2FA verification
code: 020987
MESSAGES
John Doe
lllllll
Passwords +
standard 2FA
?

9. Path to Passwordless
1. Develop password-
replacement offerings
2. Reduce user-visible
password surface area
3. Transition into
password-less deployment
4. Eliminate passwords
from identity directory

10. 1. Develop
2. Reduce
3. Transition
4. Eliminate

11. Apps
Web app
Device sign in
App that works
crossplatform
Device + Biometric
Biometric on device
+
Windows 10 or other OS
Microsoft Edge or other browser
Any device
Azure Active
Directory
Microsoft
account

12. Windows Hello Microsoft Authenticator FIDO2 Security Keys

14. Ready for Enterprise

15. 69M
active Windows
Hello users
6000+
enterprises have
deployed Windows
Hello for Business
350%
46%

17. Only for sign in to Windows
What about other platforms?
Doesn’t work for shared PCs
Not portable
Windows Hello Limitations
manini.roy@hotmail.com

18. ??

20. Phone sign-in using Microsoft Authenticator
Password-less authentication
Public / Private key exchange
Works cross-platform and on all browsers
Microsoft Authenticator
rcalafato@live.com

22. Passwordless sign in only works with Microsoft
Account and Azure AD
Not all phones have a secure enclave
What if you lose your phone?
Limitations of Authenticator

24. FIDO2 Protocol

27. Path to Passwordless
1. Develop password-
replacement offerings
2. Reduce user-visible
password surface area
3. Transition into
password-less deployment
4. Eliminate passwords
from identity directory
Windows Hello
Authenticator App
FIDO

28. 1. Develop
2. Reduce
3. Transition
4. Eliminate

29. Path to Passwordless
1. Develop password-
replacement offerings
2. Reduce user-visible
password surface area
3. Transition into
password-less deployment
4. Eliminate passwords
from identity directory
Windows Hello for Business
Authenticator App
FIDO
Windows 10S is passwordless

30. Next
Create account
maniniroy@hotmail.com
Sign in with Microsoft
Offline account Terms of usePrivacy & cookies

31. Forgot password
Enter your password
Enter the password for karanbir-singh@hotmail.com
● ● ● ● ● ● ● ● ●
Use another method

32. Manini Roy
Sign in options
PIN
Manini Roy

33. Manini Roy
Sign in options
PIN
Manini Roy
No passwords!

36. What’s Coming?
1. Develop password-
replacement offerings
2. Reduce user-visible
password surface area
3. Transition into
password-less deployment
4. Eliminate passwords
from identity directory
Windows Hello for Business
Authenticator App
FIDO2 Security keys
Windows 10S is passwordless
Windows is passwordless
MSA and AAD doesn’t need a
password
Users can create passwordless MSAs
Users can turn off passwords for their existing MSAs
IT admins can turn off passwords

37. Legacy apps
Initial bootstrapping
Gnarly recovery scenarios
Biggest Gaps
manini.roy@hotmail.com

38. @manini_roy