These are great vids, thanks for posting. Its a shame the MS makes this process overly complicated, it dissuades some organizations from implementing these security measures.
@13:04 - Why Single-Sign-On did not work with Edge after the type the myprofile site? - How to get SSO at this stage? - You signed into windows 11 using your Azure AD account (using the key), so the Windows 11 should be AAD Joined or Registered.
Great video. I have MFA and FIDO2 setup for my users. But they are required to enter both PIN and then use a fingerprint. Is that how its supposed to work with these biometric Yubico keys?
Hi Travis, thank you for your well explained videos! I want to learn azure by doing it, creating ressources , whole architectures etc. So I was wondering if there are some kind of excercises which I can do. Is there something like that ?
I read a lot about passwordless authentication, but are you able to have Azure to disable the option to login in with password and another factor fully? As I understand it, this is only possible with ordinary Microsoft accounts (as from this fall), not with Azure AD accounts. If I use a supported browser I indeed do not get the option to login using password and a second factor, but if using an unsupported browser I still get the possibility to use my password and e.g. the Microsoft Authenticator. If you only want to be able to use a security key and no other option - is it possible with Azure AD user accounts yet?
Hello Mats, I don't know of any way to relay on only passwordless auth. Two factor MFA is required to onboard passwordless auth and is a failback if passwordless is not an option. Thanks, Travis
I didn't see anything about only US, but it's not supported on trail subscriptions learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-phone-options
These are great vids, thanks for posting. Its a shame the MS makes this process overly complicated, it dissuades some organizations from implementing these security measures.
@13:04 - Why Single-Sign-On did not work with Edge after the type the myprofile site?
- How to get SSO at this stage?
- You signed into windows 11 using your Azure AD account (using the key), so the Windows 11 should be AAD Joined or Registered.
@12:56 - at this point can you still use the key by selecting "Sign-in options" ???
@6:08 - How does one create a backup key?
- what to do if a key is stolen?
(Even if i still have my fingers)
Very good to the point explanation , great video as always
Great video. I have MFA and FIDO2 setup for my users. But they are required to enter both PIN and then use a fingerprint. Is that how its supposed to work with these biometric Yubico keys?
Thanks for this, very well done. You have a new subscriber.
I’m glad you found it useful!
Great vid. How about for Android? iOS?
Hi Travis, thank you for your well explained videos! I want to learn azure by doing it, creating ressources , whole architectures etc. So I was wondering if there are some kind of excercises which I can do. Is there something like that ?
I read a lot about passwordless authentication, but are you able to have Azure to disable the option to login in with password and another factor fully? As I understand it, this is only possible with ordinary Microsoft accounts (as from this fall), not with Azure AD accounts. If I use a supported browser I indeed do not get the option to login using password and a second factor, but if using an unsupported browser I still get the possibility to use my password and e.g. the Microsoft Authenticator. If you only want to be able to use a security key and no other option - is it possible with Azure AD user accounts yet?
Hello Mats, I don't know of any way to relay on only passwordless auth. Two factor MFA is required to onboard passwordless auth and is a failback if passwordless is not an option.
Thanks,
Travis
Is phone call supported still? I never saw it as an option... or is it US only?
I didn't see anything about only US, but it's not supported on trail subscriptions learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-phone-options
Can I do this procedure to login Linux?
Does this work for macOS?
Can you make this video with Microsoft authenticator
Great videos thanks for sharing