
Besides the phone sign-in option, they can also use the security key as a hardware MFA token, for example during their WHfB enrollment, which requires MFA. These users can use FIDO2 Security Keys to get a password-less experience instead of the phone sign-in option.

There are users who don’t have a business phone and don’t want to use their personal phone for business activities (for all the right reasons). FIDO2 Security Keys are an option for users who don’t have a corporate mobile phone and/or want to use the Security Key for multi-factor purposes.

For those reasons, you can give these users the opportunity to use a FIDO2 Security Key instead, so that they have one single PIN that can be used across all devices. If users have three personal business devices, it’s not helpful to have a different PIN on each of these devices.

So I can imagine you would think: why should I use security keys in my environment? As described in my previous blog posts, you can work password-less via phone sign-in and Windows Hello for Business (Hybrid).
