Microsoft Brings Certificate-Based Authentication for AAD to Mobile

In yet another step towards our passwordless futures, Microsoft this past week unveiled a public preview of Azure Active Directory (AAD) Certificate-Based Authentication (CBA) on mobile.

“At Ignite 2022 we announced the general availability of Azure Active Directory (Azure AD) Certificate-Based Authentication (CBA) as a part of Microsoft’s commitment to Executive Order 14028, Improving the Nation’s Cybersecurity,” Microsoft’s Alex Weinert explains. “Now, we’re thrilled to announce the public preview of Azure AD CBA support on iOS and Android devices using certificates on hardware security key (YubiKey).”

This feature lets admins enforce multi-factor authentication (MFA) on mobile without having to provision certificates on each device, allowing users to use their own smartphones and remain secure. This solution is, in Microsoft’s words, a simple, convenient, FIPS (Federal Information Processing Standards) certified phishing-resistant MFA method.

Based on the description, it appears that users simply need to plug a YubiKey into their smartphone, choose a certificate from a list, and then enter a PIN. And coming support for NFC keys should make things even simpler.

Thurrott © 2024 Thurrott LLC