Phishing-resistant MFA available now with Azure AD and YubiKeys

Microsoft recently announced the release of three new solutions that enable organizations to deploy Azure Active Directory (Azure AD) to fight phishing attacks in Azure, Office 365, and remote desktop environments. These solutions will be essential to mitigate phishing attacks and will play a key role in supporting organizations looking to comply with the Executive Order and Office of Management and Budget Memo M-22-09. These solutions include:

  • Certificate-based Authentication (CBA)
  • New authentication policies including FIDO and certificates
  • Azure Virtual Desktop (AVD) now supports FIDO in addition to certificates

“Providing new identity solutions to protect our customers is paramount in the fight to stop phishing,” said Sue Bohn, vice president of product management for Microsoft’s Identity and Network Access (IDNA) group. “We’re excited to launch these new features that support key steps customers can take in their Zero Trust journey, and Yubico has been with us fighting against phishing attacks every step of the way.”

Certificate-based Authentication

CBA is generally available for Azure AD. This feature enables organizations with existing smart card & public-key-infrastructure (PKI) deployments to authenticate to Azure AD without a federated server. Organizations can now use the same YubiKey as a smart card with Azure AD enabling them to migrate away from on-premises authentication solutions like ADFS as part of their Zero Trust and cloud strategies.

Conditional Access Authentication Strengths: Enforced FIDO or Certificate-based Authentication

This new feature from Microsoft enables organizations to fight phishing attacks by implementing specific user authentication policies. The public preview of Conditional Access Authentication Strengths enables organizations to restrict authentication to their requirements. These features enable enterprises to leverage YubiKeys for phishing-resistant MFA for FIDO-based passwordless (FIDO2/WebAuthn) or certificate-based authentication to enforce that YubiKeys are the only authentication solution allowed. By configuring Azure AD to require YubiKeys for phishing-resistant authentication, organizations are eliminating an entire attack vector for their most privileged users and safeguarding their most critical assets.

Yubico strongly encourages every organization to deploy Conditional Access Authentication Strength policies for your administrators today.

Azure Virtual Desktop adds support for FIDO authenticators

Azure Virtual Desktops (AVD) enable users to connect to a personal workstation in the cloud.  Users with a virtual desktop have the same security and work experience no matter where they are. At Ignite, Microsoft announced support for FIDO-based passwordless authentication in AVD.  This solution enables users to authenticate with their YubiKey and Azure AD passwordless credentials when the user signs into AVD or when they sign into an application inside their virtual desktop. The FIDO-based passwordless authentication solution augments the support for YubiKeys and certificate authentication currently supported in AVD.

Learn more

These new features announced by Microsoft are powerful tools for incorporating phishing-resistant MFA methods within your organization, and we’re excited to share additional details and best practices during our upcoming  webinar, New solutions to prevent phishing with Azure AD and YubiKeys, on November 3rd at 9am PT. Please register here to attend. 

Talk to our teamTalk to our team

Share this article:


  • Mission matters – my reflections on winning the EY World Entrepreneur of the Year “This is the biggest mission any of the entrepreneurs have presented in this competition.”  I heard these words a few weeks ago from one of the judges for the EY World Entrepreneur of the Year award program – whom I had the honor to meet during the final step of the world’s largest entrepreneur competition.  […]Read moreawardsFounderStina Ehrensvard
  • Yubico recognized by TrustRadius 2025 Award for top customer reviewsAs AI-driven cyber threats like credential phishing evolve and grow in complexity, phishing-resistant YubiKeys are an important component toward cyber resilience — and our mission to make the internet more secure has never been more critical. To support this, customer feedback is something we take very seriously and is an invaluable tool to ensure we’re […]Read moreawardsTrustRadius
  • CEO Corner: Maintaining stable growth while navigating global uncertaintyAs we officially close out the first quarter of 2025,  I am pleased we saw a quarter with solid growth and profitability along with ongoing demand for phishing-resistant authentication. We continue to see new types of high-profile cyber attacks appearing regularly, and a major reason for the success of phishing attacks is stolen credentials. As […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Introducing the Yubico Academy: Enabling partners for a phishing-resistant futureAt Yubico, strong partnerships are fundamental to a more secure digital world. Our commitment goes beyond providing leading security keys; it’s about actively fostering the growth of our valued partners through impactful enablement programs. A cornerstone is the Yubico Academy, featuring our comprehensive certification program.  This program enables our partners’ teams to become Yubico experts, […]Read more