Say goodbye to passwords

Presentation on theme: "Say goodbye to passwords"— Presentation transcript:

1 Say goodbye to passwords
Alex Simons, Partner Director Program Management, Microsoft Identity Division
8/27/2018 9:28 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Nobody likes passwords
- Alpha-numeric passwords are hard for humans to remember and easy for computers to guess
- On mobile devices entering passwords is impossible
- Credential reuse across multiple services increases attack surfaces
- Even the strongest passwords are easily phishable

3 Nobody likes passwords
- #1 COST for Enterprise IT departments
- For Microsoft account, in the month of July
- 686K forgotten passwords
- $12M+ spent on forgotten passwords

4 Nobody likes passwords
Passwords + 2FA is more secure, but also more complicated and difficult to use.

5 Passwords + standard 2FA
The search for better
[Chart: axes Low Security to High Security and Inconvenient to Convenient; plotted items: Passwords, Passwords + standard 2FA, and "?"]

6 Certificate Authentication
Current solutions
- Certificate Authentication
- Smartcards

7 Current solutions

8 On the road to… NO PASSWORDS

9 37M active Windows Hello users
Windows 10 with Hello
- Passwordless authentication
- User-friendly experience
- Enterprise grade security
- 37M active Windows Hello users
- enterprises have deployed Windows Hello for Business

10 Windows 10 Hello for Business provisioning
1. User authenticates with password + MFA, provides bio-gesture
2. Windows generates private & public key in the Trusted Platform Module (TPM) protected with bio-gesture + attestation blob
3. Windows sends public key + attestation blob
4. Azure AD verifies public key with attestation blob and registers the key with the user
5. Azure AD returns key ID to client

[Screenshot text: "For security reasons, we require additional information to verify your account."]

- User begins to log in
- Authenticating service shows sign-on challenge
- User authenticates using FIDO-compliant device
- Service completes authentication with service

11 Windows 10 Hello for Business sign in
1. User sign-in with bio-gesture unlocks TPM holding private key
2. Windows sends “hello”
3. Azure AD sends back nonce
4. Windows uses private key to sign nonce and returns to Azure AD with key ID
5. Azure AD returns PRT + encrypted session key protected in TPM
6. Windows returns the signed PRT and derived session key to Azure AD to verify
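
The key registration on slide 10 and the nonce-signing sign-in on slide 11 can be modelled in a few lines. This is an added example, not Microsoft's code: the `IdP` class, `newDevice` helper and user name are hypothetical, a software P-256 key stands in for the TPM-bound key, and attestation, the PRT and the session key are left out.

```javascript
// Added illustration (not Microsoft code): software model of slides 10 and 11.
// Assumed names: IdP, newDevice, demo. No TPM, attestation, PRT or session key.
const nodeCrypto = require("crypto");

class IdP {
  keys = new Map();    // keyId -> { user, publicKey }
  nonces = new Map();  // nonce hex -> expiry (ms since epoch)
  // Provisioning steps 3-5: receive the public key, register it, return a key ID.
  register(user, publicKeyPem) {
    const keyId = nodeCrypto.createHash("sha256").update(publicKeyPem).digest("hex").slice(0, 16);
    this.keys.set(keyId, { user, publicKey: nodeCrypto.createPublicKey(publicKeyPem) });
    return keyId;
  }
  // Sign-in step 3: fresh random nonce, valid once and only for ttlMs.
  issueNonce(ttlMs = 60000) {
    const nonce = nodeCrypto.randomBytes(32);
    this.nonces.set(nonce.toString("hex"), Date.now() + ttlMs);
    return nonce;
  }
  // Sign-in step 4, server side: returns the user name, or null on any failure.
  verify(keyId, nonce, signature) {
    const hex = nonce.toString("hex");
    const expiry = this.nonces.get(hex);
    this.nonces.delete(hex);  // consume the nonce even if verification fails
    const entry = this.keys.get(keyId);
    if (expiry === undefined || Date.now() > expiry || !entry) return null;
    return nodeCrypto.verify("sha256", nonce, entry.publicKey, signature) ? entry.user : null;
  }
}

// Device side: the private key is generated locally and never exported.
function newDevice() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return {
    publicKeyPem: publicKey.export({ type: "spki", format: "pem" }),
    sign: (nonce) => nodeCrypto.sign("sha256", nonce, privateKey),
  };
}

// One good sign-in, one replayed response, one response from an unregistered key.
function demo() {
  const idp = new IdP(), device = newDevice(), rogue = newDevice();
  const keyId = idp.register("user@contoso.example", device.publicKeyPem);
  const n1 = idp.issueNonce(), sig = device.sign(n1);
  const first = idp.verify(keyId, n1, sig);
  const replay = idp.verify(keyId, n1, sig);               // captured response resent
  const n2 = idp.issueNonce();
  const wrongKey = idp.verify(keyId, n2, rogue.sign(n2));  // key the IdP never registered
  return { first, replay, wrongKey };
}
```

Only the first attempt in `demo()` yields a user; the replayed signature and the unregistered key both return `null`. Origin binding, which gives FIDO its phishing resistance, is outside this model.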

12 The roadmap to no more passwords
On-premises app Web app SaaS service Device unlock Windows 10 or other OS Microsoft Edge or other browser Any device Microsoft Authenticator Device + Biometric Biometric on device + Microsoft account Azure Active Directory

13 Microsoft Account (MSA)
- Phone sign-in using Microsoft Authenticator
- Passwordless authentication
- Public / Private key exchange

15 Just around the bend…

16 Azure Active Directory
- Phone sign-in using Microsoft Authenticator
- Passwordless authentication
- Public / Private key exchange
- Coming in Spring 2018

[Screenshot text: "Making sure it’s you. Follow the instructions on the Microsoft Authenticator app and enter the number you see below. 4026"]

17 Spring 2018 FIDO 2.0 compliant POC ready (cloud-only) Device unlock
- FIDO 2.0 compliant
- POC ready (cloud-only)
- Device unlock
- Web Authentication

18 Fast IDentity Online 2.0
- Standards-based, interoperable authentication
- Works with the same devices people use every day
- Based on public key cryptography
- Biometrics and keys never leave the device
- Protects against phishing, man-in-the-middle and replay attacks

19 FIDO Alliance board members
…and hundreds of industry partners

20 Demo
Manini Roy, Program Manager, Microsoft Identity Division

21 Microsoft Authenticator
- Add FIDO 2.0 support
- Great solution for Windows 7, MacOS, and Linux
- Coming in Summer 2018

22 Fall 2018 Target release for production deployment Hybrid support
- Target release for production deployment
- Hybrid support
- Trusted user or employee self-service provisioning

23 Getting started on your passwordless journey
1. Deploy Windows Hello for Business and the Microsoft Authenticator App
2. Begin migrating your apps to Azure Active Directory
3. Deploy a FIDO 2.0 proof of concept with Windows in the Spring of 2018
4. Make it real in the Fall of 2018

24 The roadmap to no more passwords
On-premises app Web app SaaS service Device unlock Windows 10 or other OS Microsoft Edge or other browser Any device Microsoft Authenticator Device + Biometric Biometric on device + Microsoft account Azure Active Directory

25 Identity @ Ignite | Monday
Session | Title | Location | Time | Speakers
BRK3020 | What's new and upcoming in AD FS to securely sign-in your users to Office 365 and other applications | OCCC Valencia W415 CD | Monday 4:00–5:15 | Sam Devasahayam

Identity @ Ignite | Tuesday
BRK2019 | Productivity and protection for your employees, partners, and customers with Azure Active Directory | OCCC West Hall F2 | Tue 9:00–10:15 | Alex Simons, Nasos Kladakis
THR2072 | Migrate your apps from legacy APIs to Microsoft Graph | OCCC South – Expo Theater #6 | Tue 11:35-11:55 | Jeff Sakowicz, Dan Kershaw
BRK2017 | Saying goodbye to passwords | OCCC West Hall F3-4 | Tue 12:45-1:30 | Manini Roy
THR2071 | Managing enterprise applications, permissions, and consent in Azure Active Directory | OCCC West Building Theater - Level 2 | Tue 2:10–2:30 | Jeff Sakowicz
BRK1051 | Locking down access to the Azure Cloud using SSO, Roles Based Access Control, and Conditional Access | OCCC W308 | Tue 2:15–3:30 | Stuart Kwan

26 Identity @ Ignite | Thursday
Session | Title | Location | Time | Speakers
BRK2018 | Share corporate resources with your partners using Azure Active Directory B2B collaboration | OCCC W230 | Thu 9:00–10:15 | Mary Lynch, Sarat Subramaniam, Laith Al Shamri
BRK3207 | The keys to the cloud: Use Microsoft identities to sign in and access API from your mobile+web apps | OCCC S310 | Thu 10:45-12:00 | Vittorio Bertocci
BRK3012 | Secure access to Office 365, SaaS and on-premises apps with Microsoft Enterprise Mobility + Security | OCCC W311 | | Caleb Baker, Chris Green
BRK3013 | Ensure users have the right access with Azure Active Directory | OCCC Valencia W415 AB | Thu 12:30–1:45 | Joseph Dadzie, Mark Wahl
BRK3015 | Deep-dive: Azure Active Directory Authentication and Single-Sign-On | OCCC West Hall E1 | Thu 2:15-3:30 | John Craddock
BRK3014 | Azure Active Directory best practices from around the world | | Thu 4:00–5:15 | Tarek Dawoud, Mark Morowczynski

Identity @ Ignite | Friday
BRK2276 | Modernize your customer identity management with Azure Active Directory B2C | OCCC W314 | Friday 9:00-9:45 | Saeed Akhter

27 Identity @ Ignite | Wednesday
Session | Title | Location | Time | Speakers
BRK3388 | Build applications to secure and manage your enterprise using Microsoft Graph | OCCC S210 | Wed 09:00-09:45 | Jeff Sakowicz, Dan Kershaw
BRK3225 | Office development: Authentication demystified | OCCC W315 | Wed 10:45–12:00 | Vittorio Bertocci
THR2007 | How to get Office 365 to the next level with Azure Active Directory Premium | OCCC South – Expo Theater 10 | Wed 12:35-12:55 | Brjann Brekkan
BRK3146 | The power of common identity across any cloud | OCCC W240 | Wed 12:45-1:30 | Sam Devasahayam
THR2126 | Azure Active Directory: Your options explained from AD sync to pass through authentication & more | OCCC West – Microsoft Ignite Studio | Wed 1:35-1:55 | Alex Simons, Simon May
BRK3352 | Windows devices in Azure Active Directory: Why should I care? | OCCC Valencia W415 AB | Wed 2:15–3:30 | Jairo Cadena
BRK3295 | What’s new in Azure Active Directory Domain Services | Hyatt Regency Windermere Z | Wed 4:00–5:15 | Mahesh Unnikrishnan
BRK3016 | Shut the door to cybercrime with Azure Active Directory risk-based identity protection | OCCC Valencia W415 CD | | Alex Weinert, Nitika Gupta

28 Thank you @manini_roy @alex_a_simons
For more information: microsoft.com/identity

29 Other industry partners for FIDO

