Received a great FIDO2 Test kit from the vendor PointBlank Security / TrustKey Solutions https://www.trustkeysolutions.com/ https://www.pointblank.de/en/
As FIDO2 is the new hot item in the security world, let see if it is that easy to implement and to use. I’m not going into the depth specs of the keys but more as a user view. easy to use and setup is this key to use by anyone.
for all the Azure AD login this is usable when the Microsoft authentication challenge is the say for Windows virtual desktop (WVD) you can use this.
I have a USB key and a USB-C type key.
I use my Computer with the normal USB for this so the Trustkey G310 model
Setting the Key en use it is simple I configured the Azure Active directory did some easy settings add the Key to my profile and ready.
First we Enable FIDO2 security key in the Azure AD this is been configured from the Azure Portal.
Azure Active directory <> Security
Next we go to authentication methods.
Here we can change the authentication type for all users of for a select of users.
When this is done you can set the fido option in your profile. If this is your own account then in the top of the azure portal you can go directly to your user account . or go to https://myaccount.microsoft.com/
Go to Security info
Here you can do add a method
Adding the Security key or if you want to used the phone the method is similar.
Now that we have chosen the FIDO2 Security Key we can configure this with a PIN.
Choose a proper Pin and use the Key. Now everything is set and ready to use.
Whenever you are challenged to login with the Microsoft Azure AD account you can make the choice on using the USB key. You can also make this dedicated
So for samples we go to Browse to https://myprofile.microsoft.com use an in private session or different browser to make sure you test this right.
select sign in with a security key
When entering the PIN and touching the USB you will be granted to login when it was successful you will see the page else it will prompt you again.
All this is perfect usable to login into your WVD portal
Follow Me on Twitter @ClusterMVP
Follow My blog https://robertsmit.wordpress.com
Linkedin Profile Robert Smit MVP Linkedin profile
Google : Robert Smit MVP profile
4 thoughts on “Starting with FIDO2 security keys With Azure Active Directory #Trustkey #pointblank #fido #Azure #Security #AAD”
how does the fingerprint recognition capability of the G310 work in conjunction with Azure AD logons?
Hi the G310 has no fingerprint reader it needs to be touched. So basically it could be done by any one. it is just as your car key if you have the key you can drive. But i must say it works perfectly quick response. where the Azure authentication app sometimes is delayed works this fast all the time. The only thing is you need the USB key and don’t leave it in the machine if you leave.
Hi! According to https://www.trustkeysolutions.com/security-keys/goldengate-g310/, the G310 has a fingerprint reader. I assume the fingerprint recognition unlocks the FIDO2 key (instead of using a PIN to unlock the key like e. g. with the Yubikeys).
Quote: “…powerful microprocessor with extensive security features and a fingerprint sensor with a world-leading fingerprint recognition algorithm…”
Also here they talk about fingerprint recognition:
Introducing TrustKey G310 G320 (youtube): https://www.youtube.com/watch?v=nSauKCaryyA