Microsoft is stepping up its security game for Entra ID by integrating FIDO2 provisioning APIs, aiming to bolster phishing-resistant measures. This update is set to benefit current YubiKey users and attract those considering using such advanced security devices. Yubico, a trusted partner of Microsoft, is fully backing this initiative.
Natee Pretikul, Principal Product Management Lead at Microsoft Security, highlighted the importance of this development: “Phishing-resistant multi-factor authentication (MFA) is crucial for a secure cybersecurity practice. Our integration with Yubico through the FIDO2 Provisioning API enables enterprise customers to quickly implement YubiKey, enhancing employee protection more efficiently.”
For over a decade, Yubico and Microsoft have worked together to implement top-tier security solutions. Recently, Microsoft has made multi-factor authentication (MFA) mandatory for all Azure users. This move is a significant step towards enhancing user security and combating phishing attempts.
Yubico welcomed Microsoft’s mandate and urged organizations to extend modern MFA solutions beyond just Azure users. In its detailed response, Yubico stressed the importance of protecting all resources by applying security policies to every user and application through Conditional Access Policy Authentication Strengths. It recommends adopting phishing-resistant MFA solutions like YubiKey for robust security.
These new FIDO2 provisioning APIs are a game-changer. They allow organizations to develop administrator-led provisioning clients, simplifying the setup of hardware security keys like the YubiKey. Previously, users had to register their own security keys, often using phishable methods like Temporary Access Passes.
The introduction of these APIs ensures users can be onboarded or recover accounts without using insecure, phishable methods. This advancement is particularly beneficial for multinational companies and government agencies, closing gaps in their security measures.
YubiKeys are designed to prevent account takeovers by offering strong two-factor, multi-factor, and passwordless authentication. Yubico points out that not all MFA methods are equal. Legacy methods, like passwords and mobile-based authentication, are vulnerable to phishing, malware, and SIM swaps. This vulnerability is especially critical for Microsoft services like Azure, Microsoft 365, and Dynamics 365.
Yubico is committed to seamless integration of YubiKeys within the Microsoft ecosystem. The company has released a GitHub project demonstrating how customers can leverage the new Microsoft Graph APIs. Erik Parkkonen, Senior Solutions Architect of Integrations at Yubico, said, “With Microsoft’s commitment to the highest security standards and our integration with Entra ID, YubiKeys provide a robust, seamless solution that strengthens security while simplifying the user experience.”
Furthermore, Yubico noted that YubiKeys can be used across various devices, including the Surface Pro 10 for Business. This feature supports secure authentication for different user categories, such as mobile-restricted users and factory floor workers.
Reiterating its commitment to staying ahead of cyber threats in partnership with Microsoft, Yubico encourages organizations to prepare for the Azure MFA mandate and review Microsoft’s guidance to identify impacted users. The company advises organizations to leverage Microsoft’s built-in Authentication Strengths or develop custom ones to enforce phishing-resistant MFA across all users and applications.
Additionally, industry experts have praised this initiative, highlighting the growing necessity of robust security measures in the face of increasing cyber threats. The integration of FIDO2 APIs with YubiKeys is seen as a vital step towards a more secure digital environment, ensuring that enterprises can safeguard sensitive information effectively.
With cyber threats evolving rapidly, this collaboration between Microsoft and Yubico represents a proactive approach to security, emphasizing the importance of adopting advanced MFA solutions to protect against sophisticated phishing and other cyber-attacks.