Microsoft launches passwordless authentication for Azure AD on iOS and Android

Minimizing the chances of phishing and credential theft

Microsoft is looking to better protect hybrid workers connecting to its Azure Active Directory (AD) service via iOS or Android endpoints from phishing and password-stealing attacks.

The company has introduced a new authentication method for the enterprise identity service, which it describes as passwordless, certificate-based authentication (CBA), enabled through the YubiKey hardware security key built by Yubico.

According to Microsoft’s announcement, the tool will give mobile users a Federal Information Processing Standards (FIPS) certified login solution that is fully resistant to phishing attacks.

Easy and secure authentication

“U.S. cybersecurity Executive Order 14028 requires the use of phishing-resistant MFA on all device platforms. On mobile, while customers can provision user certificates on their personal mobile device to be used for authentication, this is primarily feasible for managed mobile devices. But this new public preview unlocks support for BYOD,” Vimala Ranganathan, product manager of Microsoft Entra, wrote in the blog post announcing the new features.

With the new solution, Microsoft AD users will be able to provision certificates with a hardware security key, allowing them to easily authenticate on mobile devices. Apple’s iOS users need to register via the Yubico Authenticator app, and copy the public certificate into the iOS keychain. After that, they can select the YubiKey certificate to sign in, and enter the PIN code.

For Android users, Microsoft said Azure AD CBA support with YubiKey on Android mobile is enabled via the latest MSAL. Android users don’t need the YubiKey Authenticator app, as they can plug in their YubiKey via USB, initiate Azure AD CBA, pick the certificate from YubiKey, enter the PIN and get authenticated.

Microsoft claims this authentication method minimizes the chances of credential theft and identity theft carried out through phishing or social engineering.

“Microsoft’s mobile certificate-based solution coupled with the hardware security keys is a simple, convenient FIPS-certified phishing-resistant MFA method,” Ranganathan concluded.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
