While I really like this in theory, unfortunately, because iOS only allows one app to offer PassKeys, this won't work for us. My firm has a BYOD policy, and plenty of our users use their own password solution (e.g. built-in, 1Password, etc) and forcing them to switch to using the MS Auth app is a no go. Hopefully Microsoft works towards allowing other non-MS Auth Passkeys in the near future.
@StevenMcKenzie-83
3 ай бұрын
@@JamesWimmer you should test it. I believe it does you need need add the app id to passkey in admin center.
@JamesWimmer
3 ай бұрын
@@StevenMcKenzie-83 I have and it errors out every time I try. Based on what I've read, Microsoft is targeting late 2024 to allow other apps. I could be completely wrong, but right now they only support device bound keys, whereas 1Password would be considered synced keys, which aren't yet supported.
@philhersh
3 ай бұрын
I've gotten 1Password to work but it’s very flaky. I wouldn’t give it to my users, yet 😊
@bearded365guy
3 ай бұрын
@@JamesWimmer Good point. Hopefully Microsoft will sort this.
@christophecolnaghi-pierre2697
2 ай бұрын
thanks for this video Jonathan, just tried it on my 365 family subscription, and it works like a charm, need to discuss now with my client's CSO 🙂
@teddmented
17 сағат бұрын
Another terrific video thank you
@Jordan-k7l
18 күн бұрын
iOS 18 update, iPhone settings to configure: Settings > General > Autofill & Passwords.
@SonnyTheITguy
11 күн бұрын
Simplicity and security is the 🗝 Thank you #bearded365guy !!! 🔥 🚀 💯
@networkn
3 ай бұрын
Thanks Jonathan, great video. You didn't cover one particular thing. What happens if you lose the device that has your Passkeys Stored? Phone gets dropped or stolen or left in a taxi after a wild night ?
@bearded365guy
3 ай бұрын
@@networkn Ring the taxi company 😩 - you can delete a users passkey from the 365 admin centre. I’ll record a video….
@networkn
3 ай бұрын
@@bearded365guy I get that, however if you have your admins only able to use phish resistant login methods it's a decent sized risk. I'd suggest a two pronged approach like passkeys required outside of main office ip but mfa allowed inside office. Pretty secure still. What do you think?
@bearded365guy
3 ай бұрын
@@networkn Yes, good idea. But we always have a break glass account for 365 too…. Long long password, no CA, no MFA.
@paulgilbert3618
2 ай бұрын
Thanks for the video. I set this up as you described but each time I try and sign in it asks me to insert a security key into the USB port. Any ideas?
@ArditaLilaj-h1t
9 күн бұрын
@Jonathan Edwards you have to enable MFA to use FIDO, you cannot just setup FIDO and expect it to work. Your setup screen under Authentication Methods shows everything isn't enabled.
@bearded365guy
9 күн бұрын
MFA was enabled on this test tenant using legacy MFA settings.
@ArditaLilaj-h1t
8 күн бұрын
@@bearded365guy I have had a lot of uses using the non-legacy MFA and FIDO Passkey options to get my YubiKey's setup. But after fighting with Entra/Intune for a couple of days it started to work. lol
@StevenMcKenzie-83
3 ай бұрын
Awesome video. Makes much more sense now how it works. My only question is how do you setup new users who have just started that CA policy will block them right? Or would it go straight to setup page?
@bearded365guy
3 ай бұрын
@@StevenMcKenzie-83 Ah, I should have included that in the video. You will need to use temporary access passwords as outlined here: learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-temporary-access-pass
@StevenMcKenzie-83
3 ай бұрын
@@bearded365guy so with a new user you give them temporary password and when they sign in it goes straight into passkey registration screen like it would do for MFA
@bearded365guy
3 ай бұрын
@@StevenMcKenzie-83 Yes, that’s right.
@MrSam_Derp_Man
3 ай бұрын
important side note: Your mobile device needs to run iOS version 17, or Android version 14, or later.
@andrewenglish3810
22 күн бұрын
Can you use a YubiKey still? Since MS is enforcing MFA on all admin accounts that have access to the Admin Centre I don't really want to put the admin MFA on my phone and would rather use an YubiKey, this way if I am away or leave the company they can still get in.
@jaybigboy34
9 күн бұрын
I am thinking the pc has to be bluetooth compatible for this to work, correct?
@bearded365guy
9 күн бұрын
@@jaybigboy34 Yes!
@mdoner
2 ай бұрын
Great video - thank you for all your content. I'm an Android guy - tried setting this up, believe I have the Passkey registered OK. When I attempt to sign in; I get a 'passkey not found' popup on my phone. I have confirmed that I marked Authenticator as a provider. Anyone else experiencing this issue? - I understand this is still in preview and there may likely be some kinks. Thanks!
@bearded365guy
2 ай бұрын
@@mdoner If you go into your security info in 365, can you see the passkey registered? Which method did you use to register your passkey?
@mindenesvegyes8512
3 ай бұрын
Fantastic video Jonathan! I really love your work and dedication. Clear, helpful, focused. Please never stop :)
@britishagent
3 ай бұрын
So, do you have to keep scanning a QR code to sign in or only do that once? I would presume your biometric would be primary identifier afterwards?
@bearded365guy
3 ай бұрын
@@britishagent keep scanning…
@techgroupservices
3 ай бұрын
Fantastic video Jonathan! Once the new passkey account has been added to the Microsoft Authenticator app is it safe to assume the users original account can be removed from the authenticator app?
@bearded365guy
3 ай бұрын
@@techgroupservices I’ve not tested that yet. I don’t want to say either way 😁
@StevenMcKenzie-83
3 ай бұрын
Was going to ask the same question
@maltbycentre3394
2 ай бұрын
That's great! Is it possible to validate the credentials via WHfB? By inputting the PIN or fingerprint? Thank you
@bearded365guy
2 ай бұрын
@@maltbycentre3394 Yes!
@networkn
2 ай бұрын
I have a question if I may. I have set it up. Went swimmingly. I can login on the computer I configured the passkey to my Android MS Authenticator, but when I try and login elsewhere, and select passkey, it asks me to insert my USB Key! I've tried a few different browsers etc, no luck! I don't think I missed anything, there are two AAGuids in the config.
@kevinbeutler910
3 ай бұрын
Thank Jonathan, always look forward to your new videos. I'm currently testing this is my environment and found that if I enable the Conditional Access policy to require the Phishing-Resistant MFA to log in, my Teams and Outlook are not able to sign in anymore. Have you heard about any development for getting mobile log ins into M365 apps working?
@bearded365guy
3 ай бұрын
@@kevinbeutler910 Are those Teams and Outlook desktop clients?
@kevinbeutler910
3 ай бұрын
@@bearded365guy It's actually Teams and Outlook on Android and iOS devices. The CA policy works fine on desktops. Still trying to troubleshoot but any insight you have would be awesome to hear. 😊
@zachorton864
2 ай бұрын
@@kevinbeutler910 Hey Kevin - Im hitting the same snags with the Mobile applications on our Androids. It just doesnt give us the option to use the Passkey in the authentication app.
@ScozzieMan
2 ай бұрын
can i ask if this can still be set up on a hybrid set up?
@bearded365guy
2 ай бұрын
Yes!
@robertpearson5069
2 ай бұрын
Would be cool if this could be used to sign into windows itself.
@bearded365guy
2 ай бұрын
It really would be cool!
@lee161a
2 ай бұрын
It doesn't work with Web Sign-in for Entra ID joined Windows 11 devices?
@bearded365guy
2 ай бұрын
@@lee161a Yes, for web sign in. Not to log into Windows PC
@lee161a
2 ай бұрын
@@bearded365guy I mean the feature "Web sign-in for Windows" that gives you an embedded browser window at the Ctrl-Alt-Delete screen to logon with OIDC to Windows.
@fxylk
3 ай бұрын
Amazing 🤩🤩🤩 now I need to secure my admin accounts 😅
@hasher87
2 ай бұрын
What would you recommend if we want to set this up but for laptop login with their AD/AAD account?
@bearded365guy
2 ай бұрын
@@hasher87 you can use Windows Hello
@jjrscorpion
3 ай бұрын
Hi Johnathan, I've recently discovered your channel and love the content. Will the passkey keep de session alive indefinitely? Thanks in advance
@bearded365guy
3 ай бұрын
@@jjrscorpion that would depend on the other policies you have in place 👍
@karlok.9631
3 ай бұрын
Thank you. Keep it up.
@alexjacxsens5134
3 ай бұрын
Hi Jonathan. Great tutorial! What if users switch phone? Can they switch the passkey also?
@bearded365guy
3 ай бұрын
@@alexjacxsens5134 they can backup their authenticator app.
@joeyusf
14 күн бұрын
@@bearded365guy what happen if their personal icloud account got hacked into is that means their passkey also fall into the hacker's hand?
@tiqhubwork
3 ай бұрын
Hey Jonathan , can we add multiple passkeys into the MS Authenticator ?...
@bearded365guy
3 ай бұрын
@@tiqhubwork Yes, I have 3 in mine.
@pkeonz5300
3 ай бұрын
Hi Johnathan, thanks for the great video, but I have a question, how do bulk users enable the key feature? Thanks!!
@bearded365guy
3 ай бұрын
@@pkeonz5300 Hi, not sure I quite understand the question….
@theoyiorkas
3 ай бұрын
Through conditional access policy.
@ensarguler7684
2 ай бұрын
Does enabling the Fido2 security key method stop the 'Security Defaults' company-wide feature from working?
@bearded365guy
2 ай бұрын
@@ensarguler7684 No, it shouldn’t do.
@techjordan
2 ай бұрын
When enforcing key restrictions in Entra Id, if I have users already using fido2 keys would I have to restrict for those as well so that they continue to work?
@bearded365guy
2 ай бұрын
@@techjordan Are they Yubikey’s? Read this - support.yubico.com/hc/en-us/articles/360016648959-YubiKey-Hardware-FIDO2-AAGUIDs. If you remember in the video, I added the iOS and Android AAGUIDs
@bearded365guy
2 ай бұрын
@@techjordan Or you could use groups instead of all users.
@tejasshirgaonkar9608
3 ай бұрын
Absolutely amazed with your presentation, crisp and complete information!!! Apart from M365 Business Premium licenses, I suppose this feature should also be available for users with E3 licenses, What are your thoughts?
@StevenMcKenzie-83
3 ай бұрын
@@tejasshirgaonkar9608 yes works for anyone with P1 licence
@bearded365guy
3 ай бұрын
@@tejasshirgaonkar9608 Yes, it will be!
@adventuresofa9jaguy322
3 ай бұрын
Currently trying this and i think the CA policy takes time to kick in... maybe ill give it like 2 hrs but i did try the manual one and it doesnt feel seamless.. yubikeys just might be better but more expensive. EDIT - it works now! 💪
@cjax235
3 ай бұрын
Brilliant (and timely) as ever
@robjeeves
Ай бұрын
bro, man in the mirror :-) Hilarious little joke in there. Good job !!!
@bearded365guy
Ай бұрын
🤣
@expensivetechnology9963
3 ай бұрын
#JonathanEdwards I like your polished helpful content. However, I’m leery of sharing anything with Microsoft. When I do as you suggest @5:23? (e.g. enabling Microsoft Authenticator) Does this share my IOS passwords with Microsoft Authenticator?
@bearded365guy
3 ай бұрын
@@expensivetechnology9963 No, nothing is shared.
@mohamehima1792
2 ай бұрын
thanks for the video, i followed all the stesp as explained and when i tried to login i got an error "try again"
@bearded365guy
2 ай бұрын
@@mohamehima1792 mmm…
@StijnHommes
2 ай бұрын
Please stop performing unmarked and misleading advertisements like this. 1. All advertising needs to be clearly marked in all videos. 2. Passkeys don't improve your security, so this advert is misleading from the very first line. Microsoft should be ashamed of themselves for lying like that. Why would you want to promote that trash? Hackers have already circumvented passkey "security".
Пікірлер: 83