Azure Single Sign-on and Passwordless Authentication

Microsoft has announced the public preview of single sign-on and passwordless authentication for Azure Virtual Desktop. The “new functionality is currently available on Windows 10, Windows 11 and Windows Server 2022 session hosts, once [users have] installed the September Cumulative Update Preview.”

Note

This is using Windows Hello and FIDO2. If you’re looking to start experimenting with passwordless, FIDO2, SSO and IDP /Azure AD integration give this a shot, particularly if you’re looking at using Azure remote workstations to provide a secure environment independent of the connecting endpoint.
This is very similar to Apple’s Passkey, where both vendors (and Google) are implementing the FIDO authentication standard into their operating systems. This has the potential to make strong authentication far easier for people, and far more secure. By building the FIDO standard into Microsoft / Apple / Google devices, we are moving to token-based authentication (device you have) which is authorized by biometrics. In other words, if a website supports the FIDO standard for authentication, then you register your device(s) with that site and when you want to login, you simply have your device with you and approve it with biometrics. Very simple and secure. The trick over the coming years will be pushing websites to support this. Love this solution as it takes one of the most complex security controls (authentication) out of people’s hands and puts it almost entirely in the tech side.
Any alternative to fraudulently reusable credentials should be welcome and embraced. Perhaps we are beginning to see techs looking for broadly applicable solutions instead of simply identifying and exposing vulnerabilities. We need to make doing it right easier than doing it wrong.

Read more in

It looks like you are using an adblocker.