Presentation is loading. Please wait.

Presentation is loading. Please wait.

Microsoft Passport and Windows Hello Developer’s Guide to Windows 10 Build 10586 SDK Update Andy Wigley Rajen Kishna @andy_wigley @rajen_k.

Published byShanna Pierce Modified over 6 years ago

Similar presentations

Presentation on theme: "Microsoft Passport and Windows Hello Developer’s Guide to Windows 10 Build 10586 SDK Update Andy Wigley Rajen Kishna @andy_wigley @rajen_k."— Presentation transcript:

1 Microsoft Passport and Windows Hello Developer’s Guide to Windows 10 Build 10586 SDK Update
Andy Wigley Rajen Kishna @andy_wigley @rajen_k

2 Age of cybercrime

3 Password authentication
Challenges Credential theft through phishing Credential reuse Password complexity/expiration Password-reset mechanisms User password carelessness Password management for IT ******** username

4 Two-factor authentication
******** username Benefits Combining “something you know” with “something you have” Mitigates most challenges with password authentication Challenges Complexity of implementation (incl. cost) Difficulty of use for end-users

5 “Let’s make the internet safer by getting rid of passwords”

6 Introducing Microsoft Passport and Windows Hello

7 Microsoft Passport & Windows Hello
Convenient multi-factor authentication Microsoft Passport Enterprise-grade two-factor authentication Device + biometric or PIN Windows Hello End-user experience for authentication Biometric framework supporting face, iris and fingerprint

8 What is Microsoft Passport for Work?
Designed for integration with your existing and future directory infrastructure and device deployments Azure Active Directory and on-premises Active Directory Single sign-on with PIN/Windows Hello Group Policy Management

9 Microsoft Passport enrollment in Windows 10
During out-of-box-experience (OOBE) setup

10 Demo: How to setup your PIN

11 Implementing Microsoft Passport and Windows Hello in your Universal Windows Platform app

12 Steps to enable Microsoft Passport in your app
Enrol or sign-up a new user and device Authenticate user with Microsoft Passport (PIN) or Windows Hello (biometrics) Provide mechanism to disable devices and users

13 Enabling Microsoft Passport in your app
Validate if the user has set up a PIN, and optionally Windows Hello, on their device KeyCredentialManager.IsSupportedAsync Create CredentialKey and attestation KeyCredentialManager.RequestCreateAsync Register public key, attestation and user information with the server for validation on login

14 Storing public keys for the user
You might need to change your server-side database to store multiple keys

15 Demo: Step 1, enroll new device and user

16 Microsoft Passport authentication
Application Start and request data from backend service Server needs the user to authenticate first and sends a challenge App needs to sign the challenge with the private key. var signResult = await userKey.RequestSignAsync(message); User is prompted for PIN or Biometric gesture Challenge is signed and send back to the server Server validates the signature with the public key from the user already stored If valid, authorizes the user and returns the requested data 3 7 4 5 1

17 High level overview authentication process

18 Demo: Authenticate user against backend

19 Other things to consider
Un-enrol users and devices Independently provide a mechanism for users to un-enrol specific devices Enrol extra devices Adding additional devices for a particular user Secure challenge/response Prevent replays Proprietary to your implementation

20 Summary Convenient for the user
User only has to remember PIN or can use Windows Hello No secrets are stored on servers -> Two factor authentication with asymmetric keys More information on Developer whitepaper on Microsoft Passport and Windows Hello Sample available on GitHub on December 16

21

Download ppt "Microsoft Passport and Windows Hello Developer’s Guide to Windows 10 Build 10586 SDK Update Andy Wigley Rajen Kishna @andy_wigley @rajen_k."

Similar presentations

Mobile Device Management Intune-Configmanager CHANDAN BHARTI PREMIER FIELD ENGINEER-MICROSOFT.

Mobile Device Management Intune-Configmanager CHANDAN BHARTI PREMIER FIELD ENGINEER-MICROSOFT.
Forms Authority Database Store Username and Passwords: ASP.NET framework allows you to control access to pages, classes, or methods based on username and.

Forms Authority Database Store Username and Passwords: ASP.NET framework allows you to control access to pages, classes, or methods based on username and.
Azure AD & Office 365 1. Logon with Username / Password 2. MFA challenge 3. Reply to MFA challenge -1-way or 2-way SMS -Phone call -Mobile Application.

Azure AD & Office Logon with Username / Password 2. MFA challenge 3. Reply to MFA challenge -1-way or 2-way SMS -Phone call -Mobile Application.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.

Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.
Microsoft Ignite /16/2017 4:55 PM

Microsoft Ignite /16/2017 4:55 PM
May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.
Understanding Integrated Authentication in IIS Chris Adams IIS Supportability Lead Microsoft Corp.

Understanding Integrated Authentication in IIS Chris Adams IIS Supportability Lead Microsoft Corp.
Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.

Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.
Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.
SharePoint External Login Access – Forms Authentication vs Azure ACS.

SharePoint External Login Access – Forms Authentication vs Azure ACS.
OUC204. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.

OUC204. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.
SSL, Single Sign On, and External Authentication Presented By Jeff Kelley April 12, 2005.

SSL, Single Sign On, and External Authentication Presented By Jeff Kelley April 12, 2005.
Identity on Force.com & Benefits of SSO Nick Simha.

Identity on Force.com & Benefits of SSO Nick Simha.
OFC290 Information Rights Management in Microsoft Office 2003 Lauren Antonoff Group Program Manager.

OFC290 Information Rights Management in Microsoft Office 2003 Lauren Antonoff Group Program Manager.
Module 5 Configuring Authentication. Module Overview Lesson 1: Understanding Classic SharePoint Authentication Providers Lesson 2: Understanding Federated.

Module 5 Configuring Authentication. Module Overview Lesson 1: Understanding Classic SharePoint Authentication Providers Lesson 2: Understanding Federated.
Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.
Paul Andrew. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.

Paul Andrew. Recently Announced… Identity Integration Options 2 3 Identity Management Overview 1.
Alessandro Cardoso Microsoft MVP | Readify National Manager |

Alessandro Cardoso Microsoft MVP | Readify National Manager |

Similar presentations

Ads by Google