In yet another step towards our passwordless futures, Microsoft this past week unveiled a public preview of Azure Active Directory (AAD) Certificate-Based Authentication (CBA) on mobile.
“At Ignite 2022 we announced the general availability of Azure Active Directory (Azure AD) Certificate-Based Authentication (CBA) as a part of Microsoft’s commitment to Executive Order 14028, Improving the Nation’s Cybersecurity,” Microsoft’s Alex Weinert explains. “Now, we’re thrilled to announce the public preview of Azure AD CBA support on iOS and Android devices using certificates on hardware security key (YubiKey).”
This feature lets admins enforce multi-factor authentication (MFA) on mobile without having to provision certificates on each device, allowing users to use their own smartphones and remain secure. This solution is, in Microsoft’s words, a simple, convenient, FIPS-certified (Federal Information Processing Standards), phishing-resistant MFA method.
Based on the description, it appears that users simply need to plug a YubiKey into their smartphone, choose a certificate from a list, and then enter a PIN. And coming support for NFC keys should make things even simpler.