Microsoft on Monday announced the public preview of a single sign-on experience on Azure AD and support for passwordless authentication using Windows Hello and security devices such as FIDO2 keys.
The new feature is available on Windows 10, Windows 11, and Windows Server 2022 session hosts once the administrator installs the September Cumulative Update preview.
In a blog post, David Belanger of Microsoft’s Remote Desktop Services team said that with this preview, Windows administrators can do the following:
- Enable a single sign-on experience for Azure AD-joined and hybrid Azure AD session hosts when using Windows and web clients.
- Use passwordless authentication to connect to the host using Azure AD.
- Perform in-session passwordless authentication when using the Windows client.
- Leverage third-party identity providers (IdPs) that integrate with Azure AD to log in to the host.
For Azure AD-joined and Hybrid Azure AD-joined devices, passwordless authentication with Windows Hello or FIDO2 keys will give IT administrators new secure options for authentication, said Craig Lurey, co-founder and CTO of Keeper Security.
“Wherever the user experience can be improved while adding additional security, it’s a welcome addition to Microsoft’s ecosystem,” Lurey said. “However, the administrator should always ensure that accounts are also protected with a strong, unique password, and managed in a secure password management system. Additionally, if the security key or Windows Hello login method is lost, corrupted, or forgotten, a strong password should be used as a backup authentication method.”