SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Microsoft 365 widens cyber defence with mobile YubiKey support
Thu, 25th Jan 2024

In a significant leap for mobile security and virtual desktop environments, Microsoft 365 now supports passkeys on YubiKeys on mobile devices, widening the cyber defence net for iOS and iPadOS users. The recently unveiled preview covers a broader range of Microsoft first-party apps and applications protected with Entra ID.

Touching on this development, Erik Parkkonen, Solutions Architect of Integrations at Yubico, emphasises the importance of increasing reliance on phishing-resistant multi-factor authentication (MFA) like passkeys. In this pursuit, the accessibility of passkeys on YubiKeys for mobile devices in the widely used service Microsoft 365 will undoubtedly be a welcome addition.

Since Microsoft's initial announcement of preview support for FIDO2 security keys back in 2019, customers have been eagerly awaiting such a feature. With this update meeting the wish lists of Yubico and Entra ID customers, users can now use the same YubiKeys on their iPhones that they previously used on their desktops. Until now, such support has been lacking on mobile devices, despite Entra ID's long-standing support for passkeys on security keys like YubiKeys for Windows and other platforms.

Microsoft's announcement of support for passkeys in Safari in July 2023 initially fuelled excitement, although the greater demand lay with native app support. Matching customer expectations, Microsoft's new announcement provides a complete, seamless experience for mobile device users, enabling them to sign in to both web applications and native apps using a YubiKey.

To start using YubiKeys in Entra ID on mobile devices, users need an iOS native app protected with Entra ID. The app should follow Microsoft guidelines, and it may require Microsoft Authenticator until the developers update the apps to natively support a passkey sign-in experience.

The other requirements are an Entra ID account registered on a YubiKey 5 Series or YubiKey 5 FIPS Series and an Entra ID tenant that has activated support for passkeys (FIDO2 security keys).

A noteworthy accompanying feature that Microsoft recently released is passwordless sign-in for Azure Virtual Desktop. When Azure Virtual Desktop host pools are configured to support passwordless Single Sign-On (SSO), security keys can be used to sign in to remote desktops and access all applications with a typical Windows experience from any location.

Paired with the iOS Remote Desktop application, this passwordless login for Azure Virtual Desktop lets a user combine the two features, using their iPhone and a YubiKey to access their Windows 11 virtual desktops without the need for a password.

This complete passkey support on iOS for apps protected with Entra ID is an exciting advancement, and it offers hope that Entra ID customers will also be able to become phishing-resistant on Android devices, utilising YubiKeys as Smart Cards and the more recent passkeys on YubiKeys.