Feedback by UserVoice

I suggest you ...

FIDO U2F

Office 365 for work: We need Office 365 for Work support a FIDO Universal Second Factor (U2F) protocol standard Security Key.

As many organisation would like to shift to Office 365 but they concern about the security standard which request Office 365 to support Universal Second Factor (U2F) protocol standard security key as Microsoft is a member of FIDO.

So, I wrote this idea to be a feedback request to Office team.

1,114 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Wattanapong Sirivadhanahul shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    42 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Marty commented  ·   ·  Flag as inappropriate

        I just learned today that Azure is adding support for OATH hardware tokens! Awesome! My organization considers hardware protected secrets (as in a hardware OTP authenticator) to offer higher assurance than software protected keys (as in a phone app authenticator).

        But we also consider FIDO hardware authenticators to offer much higher assurance than even hardware OATH authenticators. Please add support for FIDO tokens!

        Lastly, as long as we're dreaming, my company would like to use smart cards for administrator access to Azure Portal, but sadly, Azure Portal doesn't support X.509 mutual authN. I submitted a request on the Azure feedback site, but it has gotten little attention. If you think such a capability would be beneficial, could you please go vote & comment at the following URI:
        https://feedback.azure.com/forums/34192--general-feedback/suggestions/33634465-add-support-for-x-509-authentication

        Thanks

      • Anonymous commented  ·   ·  Flag as inappropriate

        please support FIDO U2F, we need a safer alternative to the Authenticator app ASAP.

      • Frank Amini commented  ·   ·  Flag as inappropriate

        I think that the state of security has never been as important as it is now.
        When we look at society how everyone and everything interacts. Paper trails are gone and hardly mean anything.
        Emails may seem like the least of priorities for some however it is the most important thing to keep secure. Every account you have online or offline are linked to emails, should anyone get into email accounts, an entire life can be in jeopardy.
        We think not only emails but photos, documents you may have sent to yourself for safekeeping, cloud data, house information, bills, payment information, music and not to forget our generations new priority, social media such as Facebook and twitter, instagram to name just a couple, all those social account have now a major part in people's life and often can define their lives.
        Our life are digitally imprinted and open to the world. The world has never needed security as badly as it does now.
        I highly think that the U2F key are currently the best solution as they cannot be copied and only their physical presence can approve a logon.

      • KrisVG commented  ·   ·  Flag as inappropriate

        I bought 2 ePass Fido security keys for testing, naively thinking the two factor authentication of Office 365 could use this. Big disappointment to find out that Office 365 doesn't support this kind of second authentication. The only detailed examples I found was how to bind a Google account to the Fido key, nothing on Windows, Azure or whatever :(

      • Chris Hills commented  ·   ·  Flag as inappropriate

        I strongly support this as U2F is far more secure than OTP (SMS/token) as these can be intercepted/guessed) wheras a key on a hard token cannot be copied nor intercepted.

      • Maarten "merethan" van Eeuwijk commented  ·   ·  Flag as inappropriate

        The browsers now have support for U2F or should have it soon. Given we've already had a successful spear phishing attack compromising one of our Office 365 accounts, I'd like to see U2F and/or FIDO2 support coming to 365 very soon.

      • Kalle Laine commented  ·   ·  Flag as inappropriate

        with 865 votes this should at least get a mod to comment about this, would be nice to know if this has even been considered at microsoft

      • Vikum Siriwardena commented  ·   ·  Flag as inappropriate

        Has this request fallen on deaf ears? This seems to have been requested by users for several years now. Google has this implemented and has made it a seamless integration. Come on Microsoft we need this implemented at least now!

      • Kalle Laine commented  ·   ·  Flag as inappropriate

        For my opinion this is really needed, not only for it's security side but the ease of use of it.
        Do you really think an old/non tech savy employee likes to type the annoying 6 number code from e-mail or from a text message on phone (normally they don't have smart phones as work phones).
        So the feature to just plug in a usb stick to your computer and press one button and by magic your autheticated.

      • Bill East commented  ·   ·  Flag as inappropriate

        I need to have this installed in office 365. And in the outlook app I use as an email integrator.

      • Anonymous commented  ·   ·  Flag as inappropriate

        MS Guys, please stop ignoring this RFE. It's been raised in 2015, long time ago. We, Office365 Community, are really in the need of U2F support.

      • Anonymous commented  ·   ·  Flag as inappropriate

        I agree, with the increase of fishing attach we see today. I think FIDO U2F would be a great way to address this

      ← Previous 1 3

      Feedback and Knowledge Base