Secure Windows App Development
Authentication
1. Users sign in from any device using their existing username/password.
2. Users must also authenticate using their phone or mobile device before access is granted.
(Diagram: User, Apps, Microsoft Azure Active Directory, Multi-Factor Authentication Server)
Microsoft-Azure/AzureCon-2015/ACON312
Introducing Microsoft Passport and Windows Hello
During OOBE setup
1. Validate if the user has set up a PIN, and optionally Windows Hello, on their device: KeyCredentialManager.IsSupportedAsync
2. Create CredentialKey and attestation: KeyCredentialManager.RequestCreateAsync
3. Register public key, attestation and user information with the server for validation on login
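The three setup steps above as C# for a UWP app, added here as an illustration and not taken from the original slides. The PassportRegistration type, the PassportEnrollment.CreateAsync helper and the accountId parameter are hypothetical names; sending the result to the server (step 3) is left to the caller.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Security.Credentials;
using Windows.Security.Cryptography;

// Hypothetical container for what step 3 sends to the server.
public sealed class PassportRegistration
{
    public string PublicKey { get; set; }         // base64, always set on success
    public string Attestation { get; set; }       // base64, null if the device cannot attest
    public string CertificateChain { get; set; }  // base64, null if the device cannot attest
}

public static class PassportEnrollment
{
    // Returns null when no PIN is set up or the user cancels key creation.
    public static async Task<PassportRegistration> CreateAsync(string accountId)
    {
        // Step 1: the user must already have a PIN (and optionally Windows Hello).
        if (!await KeyCredentialManager.IsSupportedAsync())
            return null;

        // Step 2: create the key pair for this account; the user is prompted to confirm.
        KeyCredentialRetrievalResult created = await KeyCredentialManager.RequestCreateAsync(
            accountId, KeyCredentialCreationOption.ReplaceExisting);
        if (created.Status != KeyCredentialStatus.Success)
            return null;

        KeyCredential credential = created.Credential;
        var registration = new PassportRegistration
        {
            PublicKey = CryptographicBuffer.EncodeToBase64String(credential.RetrievePublicKey())
        };

        // Attestation can fail or be unsupported; the server then has only the
        // public key and must decide by policy whether to accept the registration.
        KeyCredentialAttestationResult attestation = await credential.GetAttestationAsync();
        if (attestation.Status == KeyCredentialAttestationStatus.Success)
        {
            registration.Attestation =
                CryptographicBuffer.EncodeToBase64String(attestation.AttestationBuffer);
            registration.CertificateChain =
                CryptographicBuffer.EncodeToBase64String(attestation.CertificateChainBuffer);
        }

        // Step 3: the caller registers this, with the user information, on the server.
        return registration;
    }
}
```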
37451
Microsoft Passport and Windows Hello
Securing data in flight
Client/server Web services
More control over validation
Can validate certificate chain
Custom logic for multiple domains/root CAs
SSL Pinning
API Microsoft-Azure/AzureCon-2015/ACON313
Securing data at rest
// Store the credential in the Credential Locker under the resource name "My App"
var vault = new Windows.Security.Credentials.PasswordVault();
vault.Add(new Windows.Security.Credentials.PasswordCredential("My App", username, password));