Skip to main content

Azure Virtual Desktops - FIDO Support with FEITIAN FIDO

Howdy Folks

This time, I decided to play with Azure Virtual Desktops - FIDO key support feature. My experience with FIDO is also new. Luckily Fetian team hooked me up with one of their FIDO keys to test this solution. Firstly thanks heaps for the FEITIAN team

You can check out the FEITIAN lineup on their Amazon Store here.

I have used ePass FIDO NFC Security Key K9.

Following is my use case for the LAB

  • Configure FIDO key with my personal Hotmail account
  • Enable FIDO key redirection with AVD
  • Sign in to my personal Onedrive using the FIDO key within the Azure Virtual Desktop Session

Firstly About the K9 Key

The K9 security key is a USB and NFC key. The setup of this key is really straightforward. Check this blog post for the setup and the activation of using it in Azure AD. In terms of build quality, It's portable and easy to use, made out of hard plastic which makes it light weighted. I would suggest having a key ring or key tag attached otherwise you may lose the key :P

Also since it has NFC capability, so make sure you don't store it with other NFC devices

AVD FIDO Support

Enabling AVD Fido support is fairly straightforward. You can achieve this either with Azure Active Directory joined or Hybrid AVD solutions

Azure Virtual Desktop supports in-session passwordless authentication (preview) using Windows Hello for Business or security devices like FIDO keys when using the Windows Desktop client. This feature is by default enabled on all the following AVD host deployments


  • Windows 11 Enterprise single or multi-session with the 2022-09 Cumulative Updates for Windows 11 Preview (KB5017383) or later installed.

  • Windows 10 Enterprise single or multi-session, versions 20H2 or later with the 2022-09 Cumulative Updates for Windows 10 Preview (KB5017380) or later installed.

  • Windows Server 2022 with the 2022-09 Cumulative Update for Microsoft server operating system preview (KB5017381) or later installed.

Experience

Once I signed in to the Azure Virtual Desktops, I tried signing into my personal Onedrive and selected the below option

At this stage I have my FIDO key plugged into my Laptop.



All I had to do was put the Pin in and touch the FIDO key. AVD redirection worked seamlessly

Conclusion

All in all FEITIAN FIDO Key Setup and usage was seamless, I'm really pleased with how it worked well without any drama.:) . Look forward to checking out new products from FEITIAN. I may give it a go with Biometrics one too.

You can check out the FEITIAN lineup on their Amazon Store here.

And AVD Password less auth experience is also pleasant and easy for users. With this new feature, users will be able to sign in to their accounts more securely and seamlessly.


Labels:

Comments

Post a Comment

Popular posts from this blog

Deploying an Automation Account with a Runbook and Schedule Using Bicep

Introduction Automation is a key component in many organizations' cloud strategy. Azure Automation allows you to automate the creation, deployment, and management of resources in your Azure environment. In this post, we will walk through the process of deploying an Automation Account with a Runbook and Schedule using Bicep, a new domain-specific language for deploying Azure resources. Intention My intention at the  end is to run a PowerShell  script to start and shutdown Azure VMs based on tag values. PowerShell  script that I have used is from below l ink.  And two  of me   collogue s ( Michael Turnley   and Saudh Mohomad helped to modify the  PowerShell  script. Prerequisites Before we begin, you will need the following: An Azure subscription The Azure CLI installed on your machine. The Azure Bicep extension for the Azure CLI Creating the Automation Account The first step in deploying an Automation Account with a Runbook and Schedule is to create the Aut
Post a Comment
Read more

Migrating Azure DevOps Variable Groups

Howdy Folks, I was working on an application modernization project. And there was a requirement to migrate application deployments from one project to another in Azure DevOps. deployment pipelines were heavily dependent on variable groups. So, we wanted to migrate these variables group to the new project. Couldn't find any solutions in internet for this, so came up with the below scripts. You can grab the scripts from the below GitHub URL. DaniduWeerasinghe911/Migrate-Azure-DevOps-Variable-Groups: This Repo Include PowerShell Scripts relating to Migrating Azure DevOps Variable Groups (github.com) Azure DevOps Variable Groups Azure DevOps Variable Groups are a way to store and manage sets of variables that can be used across multiple pipelines in Azure DevOps. These variables can include secrets, connection strings, and other sensitive information that is needed for builds and releases. Variable Groups provide a centralized way to manage these variables and ensure that they are cons
Post a Comment
Read more

Securing Azure Services with Fetian FIDO

Hey Folks  Here again with another security topic with Fetian Fido. And once again Fetian devices proved their excellent quality and stability. For this I choose Fetian K33 -  AllinPass FIDO Security Key – FEITIAN (ftsafe.com) and  K39 -  Single-button FIDO Security Keys | FEITIAN (ftsafe.com) Use case  In an organization following changes needs to be implemented.  1. Update the password policy 2. Update the user session time out to 30 minutes Once these changes being implemented, the following issues need to be addressed 1. Users' complaint new passwords need to be so long 2. Users complain sessions time out makes them work so much slower with the longer passwords 3. Etc... Solution  One of my friends reached out to me to help solve this problem. All I could think of was using passwordless auth with FIDO devices. We have decided to use Fido2 keys for better security and flexibility for the users. The FIDO (Fast IDentity Online) Alliance helps to promote open authentication stand
Post a Comment
Read more