Microsoft’s guide for going password-less

Presentation on theme: "Microsoft’s guide for going password-less"— Presentation transcript:

1 Microsoft’s guide for going password-less
9/7/2018 6:00 PM BRK2078 Microsoft’s guide for going password-less Karanbir Singh Senior Program Manager © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2

3

4 Microsoft’s guide for going password-less

5 Session objectives and takeaways
Session objectives
- Password-less: Why?
- Our strategy
- Password-less technologies available today
- What’s coming
- Demos

Takeaways
- Microsoft’s commitment to enabling a world without passwords
- Strategy and tangible next steps on how to take your enterprise password-less

6 TURBULENT TIMES
- 160 MILLION customer records compromised
- 229 DAYS between infiltration and detection
- $3 MILLION of cost/business impact per breach

7 The hits keep on coming…
Equifax data breach may affect half US population
“Thieves stole customer names, Social Security numbers, birthdates and addresses in a hack that stretched from mid-May and July. The data taken affected as many as 143 million people…” Alfred Ng, CNET, September

8 Nobody likes passwords
- Alpha-numeric passwords are hard for humans to remember and easy for computers to guess.
- On mobile devices entering passwords is impossible.
- Credential reuse across multiple services increases attack surfaces.
- Even the strongest passwords are easily phishable.

9 Nobody likes passwords
- #1 COST for Enterprise IT departments
- For Microsoft account, in the month of July: 686K forgotten passwords
- $12M+ spent on forgotten passwords

10 Nobody likes passwords
Passwords + 2FA is more secure, but also more complicated and difficult to use.

11 The search for better
[Chart: security (Low Security to High Security) against convenience (Inconvenient to Convenient), with points labelled "Passwords", "Passwords + standard 2FA" and "?"]

12 Passwords
Human generated symmetric secrets
- Expensive
- Inconvenient
- Insecure

13 Passwords
Human generated symmetric secrets
- Easy to provision; Portable; Compatible
- Expensive; Inconvenient; Insecure

14 What does password-less mean to us?
- User promise: End-users never have to deal with passwords in their day-to-day lives.
- Security promise: User credentials cannot be cracked, breached, or phished.

15 Strategy
Achieve Security Promise; Achieve End-User Promise
1. Develop password-replacement offerings
2. Reduce user-visible password surface area
3. Transition into password-less deployment
4. Eliminate passwords from identity directory

16 What’s available today?
1. Develop password-replacement offerings
2. Reduce user-visible password surface area
3. Transition into password-less deployment
4. Eliminate password from identity directory

- Windows Hello for Business
- Authenticator app

17 Windows Hello

18 Windows Hello
- UTILIZE FAMILIAR DEVICES
- SECURED BY HARDWARE
- USER CREDENTIAL: An asymmetrical key pair, provisioned via PKI or created locally via Windows 10

19 Windows 10 Hello for Business provisioning
1. User authenticates with password + MFA, provides bio-gesture
2. Windows generates private & public key in the Trusted Platform Module (TPM) protected with bio-gesture + attestation blob
3. Windows sends public key + attestation blob
4. Azure AD verifies public key with attestation blob and registers the key with the user
5. Azure AD returns key ID to client

- User begins to log in
- Authenticating service shows sign-on challenge
- User authenticates using FIDO-compliant device
- Service completes authentication with service

20 Windows 10 Hello for Business sign in
1. User sign-in with bio-gesture unlocks TPM holding private key
2. Windows sends “hello”
3. Azure AD sends back nonce
4. Windows uses private key to sign nonce and returns to Azure AD with key ID
5. Azure AD returns PRT + encrypted session key protected in TPM
6. Windows returns the signed PRT and derived session key to Azure AD to verify
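
The provisioning and sign-in exchanges on slides 19 and 20 come down to registering a device-held public key and then signing a server-issued nonce with the matching private key. The Node.js model below is an added example, not code from the presentation or from Microsoft: a software P-256 key stands in for the TPM-protected key, attestation, the PRT and the session key are left out, and the names `IdentityProvider`, `Device` and `demo` are hypothetical.

```javascript
// Added illustration (not Microsoft code). Assumptions: a software P-256 key
// stands in for the TPM-held key; attestation, PRT and session key are omitted.
// IdentityProvider, Device and demo are hypothetical names.
const crypto = require("crypto");

class IdentityProvider { // plays the Azure AD role
  constructor() {
    this.keys = new Map();          // keyId -> { user, publicKey }
    this.pendingNonces = new Set(); // issued, not yet redeemed
  }
  // Provisioning steps 4-5: register the public key, return its key ID.
  registerKey(user, publicKeyPem) {
    const keyId = crypto.randomBytes(16).toString("hex");
    this.keys.set(keyId, { user, publicKey: crypto.createPublicKey(publicKeyPem) });
    return keyId;
  }
  // Sign-in step 3: send back a fresh nonce.
  issueNonce() {
    const nonce = crypto.randomBytes(32).toString("base64");
    this.pendingNonces.add(nonce);
    return nonce;
  }
  // Server side of sign-in step 4: check the signed nonce against the key ID.
  verifySignIn(keyId, nonce, signature) {
    // Single use: delete() is false for unknown or already redeemed nonces.
    if (!this.pendingNonces.delete(nonce)) return null;
    const entry = this.keys.get(keyId);
    if (!entry) return null;
    const ok = crypto.verify("sha256", Buffer.from(nonce), entry.publicKey, signature);
    return ok ? entry.user : null;
  }
}

class Device { // plays the Windows 10 device role
  constructor() {
    // Provisioning step 2: key pair created on the device; only the public half is exported.
    const pair = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.privateKey = pair.privateKey;
    this.publicKeyPem = pair.publicKey.export({ type: "spki", format: "pem" });
  }
  // Sign-in step 4: sign the nonce with the private key.
  signNonce(nonce) {
    return crypto.sign("sha256", Buffer.from(nonce), this.privateKey);
  }
}

function demo() {
  const idp = new IdentityProvider();
  const device = new Device();
  const keyId = idp.registerKey("user@example.test", device.publicKeyPem);
  const nonce = idp.issueNonce();
  const sig = device.signNonce(nonce);
  const first = idp.verifySignIn(keyId, nonce, sig);  // fresh nonce, right key
  const replay = idp.verifySignIn(keyId, nonce, sig); // same response resent

  const nonce2 = idp.issueNonce();
  const wrongKey = idp.verifySignIn(keyId, nonce2, new Device().signNonce(nonce2));
  return { first, replay, wrongKey };
}
```

`demo()` returns the registered user for the first response and `null` both for the resent response and for a signature made with a key other than the registered one.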

21

22 Windows Hello Adoption
[Windows 10]
- 37M active Windows Hello users
- enterprises have deployed Windows Hello for Business
- >25K Largest customer enterprise deployment

23 Windows Hello – What’s new?
- Simplified deployment: AD-only support, no SCCM required
- Improved user-experience: Self-service PIN reset, etc.
- Cool new scenarios! Multi-factor device unlock, dynamic lock, etc.
BRK2076: Windows Hello for Business: What’s new in 2017

24 Extending Windows Hello…
- Devices & Sensors
- Environmental awareness
- Behavioral patterns
Better Trust Decisions
BRK2075: Extending Windows Hello with trusted signals

25 Microsoft Account Phone sign-in using Microsoft Authenticator
- Password-less authentication
- Public / Private key exchange

26 Fast IDentity Online 2.0
- Standards-based, interoperable authentication
- Works with the same devices people use every day
- Based on public key cryptography
- Biometrics and keys never leave the device
- Protects against phishing, man-in-the-middle and replay attacks

27 FIDO Alliance board members
…and hundreds of industry partners

28 Demo OOBE + Authenticator App + Windows Hello

29 Identity is a means to an end, not the end.

30 What’s available today?
1. Develop password-replacement offerings
2. Reduce user-visible password surface area
3. Transition into password-less deployment
4. Eliminate password from identity directory

- WHFB for mainstream scenarios
- Enlightened inbox apps
- Modern AuthN libraries
- Windows Hello for Business
- Authenticator app

31 Demo: App & web SSO + Recovery

32 Web Account Manager
[Diagram components: App; Web Account Manager; Microsoft Web Account Provider; Identity/Service Provider]
1. RequestTokenAsync
2. Token request
3. Authenticate
4. Token
5. Request result
6. RequestResult
7. Access resources

33 Modern Authentication
- Azure Active Directory
- Microsoft account
- Web Account Manager
- Microsoft Auth Library (MSAL)
BRK3207: The keys to the cloud: Use Microsoft identities to sign in and access API from your mobile+web apps
BRK3015: Deep-dive: Azure Active Directory Authentication and Single-Sign-On

34 What’s available today?
1. Develop password-replacement offerings
2. Reduce user-visible password surface area
3. Transition into password-less deployment
4. Eliminate password from identity directory

- Policies to disable password credential provider
- App Passwords
- Smart Card for Interactive Login
- Smart Card only
- MSA password-less opt in
- WHFB for mainstream scenarios
- Enlightened inbox apps
- Modern AuthN libraries
- Windows Hello for Business
- Authenticator app

35 Demo: No password sign-in option

36 What’s available today?
1. Develop pwd-replacement offerings
2. Reduce user-visible pwd surface area
3. Simulate pwd-less deployment
4. Eliminate pwds from identity directory

- SmartCard only
- MSA password-less opt in
- Windows Hello
- App Passwords
- Smart Card for Interactive Login
- WHFB for mainstream scenarios
- Enlightened inbox apps
- Modern Authentication libraries
- Policies to disable password credential provider
- Windows Hello for Business
- Authenticator app

37 Now – your turn!

38 What you can do today! Guide for going password-less
1. Deploy password-replacement offerings
2. Reduce user-visible password surface area
3. Transition into password-less deployment
4. Eliminate passwords from identity directory

- Deploy Windows Hello for Business, Authenticator app
- Upgrade LOB and web apps to modern authentication
- Identify & phase out legacy workflows
- Disable Password credential provider
- Stay tuned: Lots more coming…

39 What’s next? Azure Active Directory Windows 10
- Azure Active Directory: Phone sign-in using Microsoft Authenticator
- Windows 10: Windows Hello, Password less, & FIDO

40 The roadmap to no more passwords
[Diagram labels: On-premises app; Web app; SaaS service; Device unlock; Windows 10 or other OS; Microsoft Edge or other browser; Any device; Microsoft Authenticator; Device + Biometric; Biometric on device +; Microsoft account; Azure Active Directory]

41 In review: session objectives and takeaways
Go password-less today!
- Deploy Windows Hello for Business, Authenticator app, FIDO
- Upgrade LOB and web apps to modern authentication
- Disable password credential provider
- Identify & phase out legacy workflows
Report gaps so we can address them!
Stay tuned! There is a lot more coming!

42 Ignite Resources
- BRK2017: Saying goodbye to passwords
- BRK2076: Windows Hello for Business: What’s new in 2017
- BRK2075: Extending Windows Hello with trusted signals
- BRK2077: Credential protection in Windows: An Overview
- THR2259: Microsoft’s guide for going password-less

43 Please evaluate this session
From your:
- PC or tablet: visit MyIgnite
- Phone: download and use the Microsoft Ignite mobile app
Your input is important!
