Today I want to tell you about some exciting new features we’ve been working on that I think you’ll be pretty excited about. Specifically, today we are announcing that:
- A limited-preview of Password-less sign-in using a FIDO2 security key will available in the next update to Windows 10 (coming this spring).
- Azure AD Conditional Access policies can now check device health as reported by Windows Defender Advanced Threat Protection.
- With the addition of domain allow and deny lists, Azure AD B2B Collaboration now gives you the ability to control which partner organizations you work with.
For more details, keep scrolling!
A limited-preview of Password-less sign-in using a FIDO2 security key will available in the next update to Windows 10 (coming this spring).
If you want to significantly improve your security posture, cut the risk of phishing attacks and cut your password management costs, then you are going to love the work we are doing to add FIDO2 support to Windows 10.
With the next Windows 10 update, we’re adding a limited preview of our FIDO2 security key support. This new capability will give your employees the ability to sign in to an Azure Active Directory-joined Windows 10 PC without a username or password. All they will need to do is insert FIDO2 compliant security key into their USB port and tab. They’ll be automatically signed in to the device and they’ll get single-sign-on access to all your Azure AD protected cloud resources, as well.
See how it works in this video:
Head over to the Windows for Business blog to learn more about how FIDO2 security keys work with Windows Hello.
We’ve got lots more work to do here of course, including adding support for delegated key creation, and support for hybrid environments. But this is going to be a HUGE step in our drive to eliminate passwords for good and we’re really excited about it.
Azure AD Conditional Access policies can now check device health as reported by Windows Defender Advanced Threat Protection.
We’re also announcing some major improvements to Azure AD Conditional Access based on a new integration with Intune and Windows Defender Advanced Threat Protection. You can now create access policies based on the risk level detected at Windows 10 endpoints, which helps you ensure that only trusted users on trusted devices can access your corporate data. With this new integration, Azure AD Conditional Access can now receive intelligence about suspicious activity in domain-joined devices and automatically block those devices from accessing corporate resources.
We’ve got a few more updates to share that we think you’ll be happy to hear about, too.
- Access reviews: We created access reviews to help you manage the drift in access rights over time. With GA, you can schedule access reviews to run on a regular basis. And review results can be automatically applied to help ensure clean compliance reviews.
- Azure AD PIM for Azure Resources: You can now use Azure AD PIM’s time-bound access and assignment capabilities to secure access to Azure Resources. For example, you can enforce Multi-Factor Authentication or an approval workflow whenever a user requests elevation into the Virtual Machine Contributor role.
With the addition of domain allow and deny lists, Azure AD B2B Collaboration now gives you the ability to control which partner organizations you work with.
Last but not least you can now specify which partner organizations you want to share and collaborate with in Azure AD B2B Collaboration. To do this, you can choose to create list of specific allow or deny domains. When a domain is blocked using these capabilities, employees can no longer send invitations to people in that domain.
This helps you control access to your resources, while enabling a smooth experience for approved users.
This B2B Collaboration feature is available for all Azure Active Directory customers and can be used in conjunction with Azure AD Premium features like conditional access and identity protection for more granular control of when and how external business users sign in and gain access.
Go here to learn more.
We’re excited to be able to bring you new ways to manage passwords, protect identities, and mitigate threats. Password-less sign-in in to Windows with Azure AD feature will soon be in limited preview, so let us know if you’d like to get on the waitlist to try it out.
And as always, if you have any feedback or suggestions, please tell us! We’re looking forward to hearing from you.
Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity DivisionVirtual Machine Contributor