Windows Unlock with IoT Devices

Presentation transcript:

Windows Unlock with IoT Devices
Microsoft Build 2016
Anoosh Saboori, Senior Program Manager
11/23/2018 6:12 PM
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

MICROSOFT CONFIDENTIAL

Demos
Microsoft Band Sign In


Microsoft Passport & Windows Hello
A two-factor authentication system built for you and your users
Achieve higher levels of security while reducing costs
Increase user convenience with simple unlock gestures

Second Factor in Previous Release
First factor: Windows Hello biometric or PIN
Second factor: private keys secured in TPM

Second Factor in Upcoming Release
First factor: Windows Hello biometric, PIN, or Companion Devices
Second factor: private keys secured in TPM

Overview

Make Companion Device Sociable via Signals
Intent signal: a signal that allows the user to show his intent to unlock
Disambiguation signal: a signal to disambiguate which Windows 10 desktop the user wants to unlock when multiple options are available to the Companion Device
User presence signal: a signal that proves the presence of the user, like a device PIN

User Flow Overview
Set up a PC PIN
Download and run the companion app on each target Windows 10 desktop the user wants to unlock with that Companion Device
Run the companion app on the Windows 10 desktop to register the Companion Device with that desktop
Collect the signals and unlock the PC when the PC is in the locked state

Messaging

Protocol Overview

Register Unlock

Security Principles
PC unlock requires the registered companion device to be present
Companion device only talks to the PC with which it was registered
HMAC key 1 (stored on Companion Device)
HMAC key 2 (stored on both PC and Companion Device)

Register

Register background task
Prepare: establish two HMAC keys, signals, and device capabilities
Start: call RequestStartRegisteringDeviceAsync
Finish: call FinishRegisteringDeviceAsync
Clean up: Companion Device stores the HMAC keys; companion app discards its copies

Code Walkthrough: Register

RequestStartRegisteringDeviceAsync API

    HRESULT RequestStartRegisteringDeviceAsync(
        [in] HSTRING deviceId,
        [in] SecondaryAuthenticationFactorDeviceCapabilities capabilities,
        [in] HSTRING deviceFriendlyName,
        [in] HSTRING deviceModelNumber,
        [in] Windows.Storage.Streams.IBuffer* deviceKey,
        [in] Windows.Storage.Streams.IBuffer* mutualAuthenticationKey,
        [out, retval] Windows.Foundation.IAsyncOperation<SecondaryAuthenticationFactorRegistrationResult*>** operation);

FinishRegisteringDeviceAsync API

    HRESULT FinishRegisteringDeviceAsync(
        [in] Windows.Storage.Streams.IBuffer* deviceConfigurationData,
        [out, retval] Windows.Foundation.IAsyncAction** result);

Unlock

Two API calls should be made within 20 seconds
Triggers: PC was locked; all signals collected
Wait: WaitingForUserConfirmation or CollectingCredential
Start: call StartAuthenticationAsync
Compute: communicate with the Companion Device to perform the required HMAC operations
Finish: call FinishAuthenticationAsync
Wait for CredentialAuthenticated to start the success flow
Wait for StoppingAuthentication to kill your background task

Code Walkthrough: Unlock

StartAuthenticationAsync API

    HRESULT StartAuthenticationAsync(
        [in] HSTRING deviceId,
        [in] Windows.Storage.Streams.IBuffer* serviceAuthenticationNonce,
        [out, retval] Windows.Foundation.IAsyncOperation<SecondaryAuthenticationFactorAuthenticationResult*>** operation);

FinishAuthenticationAsync API

    HRESULT FinishAuthenticationAsync(
        [in] Windows.Storage.Streams.IBuffer* deviceHmac,
        [in] Windows.Storage.Streams.IBuffer* sessionHmac,
        [out, retval] Windows.Foundation.IAsyncOperation<SecondaryAuthenticationFactorFinishAuthenticationStatus>** result);
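The Security Principles, Register and Unlock slides above describe the two-key HMAC design (key 1 held only by the companion, key 2 shared with the PC), the two unlock API calls and the 20 second window, but not what each check buys a defender. The following is an added illustrative model written for this transcript; it is not the companion device framework's own code or Microsoft's implementation. The class and method names (CompanionDevice, WindowsPC, register_companion, respond), the use of a fixed per-registration device nonce, and the exact HMAC inputs (deviceHmac over the device nonce with key 1, sessionHmac over deviceHmac plus the session nonce with key 2) are assumptions chosen to mirror the slides, not the framework's documented wire format. The scenarios show which check rejects a slow response, a cloned device that learned key 2 but not key 1, a replayed response, and an unregistered device.

```python
import hmac
import hashlib
import os

# Illustrative model of the slides' two-key HMAC unlock, not framework code.
# Names, the fixed device nonce and the exact HMAC inputs are assumptions.
HMAC_ALG = hashlib.sha256
UNLOCK_WINDOW_SECONDS = 20  # slides: both unlock API calls within 20 seconds


class CompanionDevice:
    """Holds HMAC key 1 (deviceKey) alone and shares HMAC key 2
    (mutualAuthenticationKey) with the PC it registered with."""

    def __init__(self, device_id):
        self.device_id = device_id
        self.device_key = None  # HMAC key 1: only the companion has it
        self.auth_key = None    # HMAC key 2: PC and companion have it

    def store_keys(self, device_key, auth_key):
        self.device_key = device_key
        self.auth_key = auth_key

    def respond(self, device_nonce, session_nonce):
        """The 'Compute' step: deviceHmac needs key 1; sessionHmac binds that
        result to this session's nonce using key 2."""
        device_hmac = hmac.new(self.device_key, device_nonce, HMAC_ALG).digest()
        session_hmac = hmac.new(self.auth_key, device_hmac + session_nonce, HMAC_ALG).digest()
        return device_hmac, session_hmac


class WindowsPC:
    """PC side: keeps key 2 per registered device, never key 1."""

    def __init__(self):
        self.registrations = {}  # device_id -> auth_key, device_nonce, expected_device_hmac
        self.pending = {}        # device_id -> (session_nonce, start_time)

    def register_companion(self, companion):
        """Register step: establish both keys, hand them to the companion, keep
        only key 2 plus a fixed device nonce and the HMAC expected for it
        (assumption: stands in for how the PC later recognises deviceHmac)."""
        device_key, auth_key, device_nonce = os.urandom(32), os.urandom(32), os.urandom(32)
        expected = hmac.new(device_key, device_nonce, HMAC_ALG).digest()
        self.registrations[companion.device_id] = {
            "auth_key": auth_key,
            "device_nonce": device_nonce,
            "expected_device_hmac": expected,
        }
        companion.store_keys(device_key, auth_key)
        # 'Clean up': the companion app's copies of the keys end with this call.

    def start_authentication(self, device_id, now):
        """StartAuthenticationAsync analogue: only registered devices get nonces."""
        reg = self.registrations.get(device_id)
        if reg is None:
            return None
        session_nonce = os.urandom(32)
        self.pending[device_id] = (session_nonce, now)
        return reg["device_nonce"], session_nonce

    def finish_authentication(self, device_id, device_hmac, session_hmac, now):
        """FinishAuthenticationAsync analogue; each check names what it rejects."""
        pending = self.pending.pop(device_id, None)  # a session nonce is single-use
        if pending is None:
            return "failed: no authentication in progress"
        session_nonce, started = pending
        if now - started > UNLOCK_WINDOW_SECONDS:
            return "failed: 20 second window exceeded"
        reg = self.registrations[device_id]
        expected_session = hmac.new(reg["auth_key"], device_hmac + session_nonce, HMAC_ALG).digest()
        if not hmac.compare_digest(expected_session, session_hmac):
            return "failed: session HMAC mismatch"   # wrong key 2 or stale session
        if not hmac.compare_digest(reg["expected_device_hmac"], device_hmac):
            return "failed: device HMAC mismatch"    # key 2 known, key 1 missing
        return "CredentialAuthenticated"


def run_scenarios():
    """Constructed scenarios on a fake clock (seconds)."""
    pc = WindowsPC()
    band = CompanionDevice("band-0001")  # constructed device id
    pc.register_companion(band)
    results = {}

    dn, sn = pc.start_authentication(band.device_id, now=100.0)
    results["legit"] = pc.finish_authentication(band.device_id, *band.respond(dn, sn), now=105.0)

    dn, sn = pc.start_authentication(band.device_id, now=200.0)
    results["too_slow"] = pc.finish_authentication(band.device_id, *band.respond(dn, sn), now=225.0)

    # Clone that learned key 2 (which the PC also stores) but not key 1.
    clone = CompanionDevice(band.device_id)
    clone.store_keys(os.urandom(32), band.auth_key)
    dn, sn = pc.start_authentication(band.device_id, now=300.0)
    results["clone_without_key1"] = pc.finish_authentication(band.device_id, *clone.respond(dn, sn), now=301.0)

    # Captured (deviceHmac, sessionHmac) pair presented again to a fresh session.
    dn, sn = pc.start_authentication(band.device_id, now=400.0)
    captured = band.respond(dn, sn)
    pc.finish_authentication(band.device_id, *captured, now=401.0)
    pc.start_authentication(band.device_id, now=402.0)
    results["replay"] = pc.finish_authentication(band.device_id, *captured, now=403.0)

    results["unregistered"] = pc.start_authentication("not-registered", now=500.0)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The ordering of checks matters for the slide's "cloning" concern: a device that obtained key 2 from a compromised PC can produce a sessionHmac that verifies, so the PC must still verify the deviceHmac that only key 1 can produce; the session nonce being single-use and bound into sessionHmac is what rejects a replayed pair.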

Security, Management, and Policy

A Word on Security
Protect HMAC keys, at rest and in flight: offline attack, cloning, exportability
Verify user presence securely: anti-spoofing, uniqueness, anti-hammering, reliable

Management
Via Windows: Windows performs AAD or MSA authentication; Windows does not provide a portal to view, audit, revoke, or manage these devices; Windows does not provide roaming
Via app: from the app, the user can unregister a Companion Device

IT Admin Concepts
Policy: an on/off switch for Companion Devices; allowed list of Companion Device apps via Windows AppLocker
Revocation: remove a device type from the companion app allowed list when a breach is detected in that device type

Call to Action Send email to CDFOnboard@Microsoft.com to get started
