Go Passwordless with YubiKey and Microsoft Azure Active Directory

March 2, 2021 3 minute read
person logging into laptop using YubiKey and Microsoft Azure AD

Today, Yubico celebrates an important milestone in the evolution of modern authentication. We are excited to report that YubiKey passwordless authentication is now generally available to Microsoft’s Azure Active Directory (Azure AD) users, a critical step toward achieving better security without compromising usability. Nearly three years ago, Yubico started on this journey with Microsoft and brought the first FIDO2-enabled security key to the market. Today’s announcement highlights our commitment to continue delivering trust at scale.

What does passwordless general availability mean?

With the general availability of passwordless login for Azure AD, admins can now enable a passwordless login flow for their users with a variety of authentication options including: Windows Hello, Microsoft Authenticator App, and FIDO2 security keys, like YubiKeys. Once enabled, enrolling, adding, and removing YubiKeys is a self-service process for employees. 

End-users can experience passwordless authentication with a YubiKey to log in to: 

  • Microsoft 365 web apps on the Chrome (version 66 and above) and Edge (version 1903 and above) desktop browsers
  • Enterprise applications federated with Azure Active Directory 
  • Windows 10 devices (version 1909 and above) joined to Azure Active Directory
  • Windows 10 devices (version 2004 and above) joined to a hybrid Active Directory 

“Now with broad support for FIDO2 standards, our customers can provide an authentication experience for their users that is effortless, cross platform, and highly secure,” said Alex Simons, Corporate Vice President of Program Management, Microsoft Identity Division. “We are happy to be part of a collaboration with Yubico in our joint effort to move beyond passwords and provide more secure environments for today’s workforce.”

Which YubiKeys support passwordless authentication with Azure Active Directory?

Many YubiKeys support Microsoft’s passwordless authentication, including the flagship YubiKey 5 Series, and the Security Key NFC by Yubico.

The YubiKey 5 Series is Yubico’s line of multi-protocol keys designed for enterprises and prosumers. These keys support FIDO2, along with five other authentication protocols, on one device: FIDO U2F, PIV (smart card), OTP (one-time password), OpenPGP, and static password. This enables YubiKey 5 Series keys to serve as a “bridge to passwordless” as they provide strong authentication across existing environments and modern environments like Azure AD. The YubiKey 5 Series comes in a variety of form factors and can connect via USB-A, USB-C, Lightning, and near-field communication (NFC).

The Security Key NFC by Yubico is a FIDO-only authentication device and supports both USB-A and NFC connections. The upcoming YubiKey Bio is also a FIDO-only authentication key that will support passwordless authentication in Microsoft environments using USB-A or USB-C connections. The YubiKey Bio is currently in private preview and you can register here to get updates.

How do you get started with YubiKeys and Microsoft Azure Active Directory? 

To get started with passwordless authentication in your Microsoft environment, visit our e-commerce site to purchase a passwordless starter kit, or contact the Yubico sales team to get a consultation and learn about what solutions are best suited for your needs. 

You can also learn more about other YubiKey and Microsoft passwordless deployments by reading our latest case study with the Government of Nunavut. In 2019, the Government of Nunavut turned to phishing-resistant YubiKeys and Azure AD to rebuild their infrastructure after a ransomware attack. 

For additional resources about Microsoft’s passwordless authentication please visit their blog or register for the upcoming webinar on March 25, “What you can do today with passwordless AD and YubiKeys.”

Share this article:

Recommended content