Office 365 for work: We need Office 365 for Work support a FIDO Universal Second Factor (U2F) protocol standard Security Key.
As many organisation would like to shift to Office 365 but they concern about the security standard which request Office 365 to support Universal Second Factor (U2F) protocol standard security key as Microsoft is a member of FIDO.
So, I wrote this idea to be a feedback request to Office team.
We too have moved to MFA but would like to implement U2F. This really should be a priority for the MS Office team / Azure Team.
How many more people need to be victims of spear phishing before MS offers this?
Now that phishing can spoof 2fa Microsoft needs to implement U2F for 365 and make it as easy to use as 2FA on the MFA portal. Phishing is our number one security challenge with 365.
Chris Tucker commented
It's ridiculous that o365 / the admin portal has no support for hardware security keys such as Yubikey.
For anyone that works in secure environments from time to time, access to a phone to use an App is not permitted (So no use of the pointless MS Authenticatior App permitted). Hardware security tokens should be enabled as an option
Dave Upton commented
This is essential to allowing customers to source their own hardware tokens.
Please add Fido U2F support for Office 365 and Hotmail/Outlook
I just learned today that Azure is adding support for OATH hardware tokens! Awesome! My organization considers hardware protected secrets (as in a hardware OTP authenticator) to offer higher assurance than software protected keys (as in a phone app authenticator).
But we also consider FIDO hardware authenticators to offer much higher assurance than even hardware OATH authenticators. Please add support for FIDO tokens!
Lastly, as long as we're dreaming, my company would like to use smart cards for administrator access to Azure Portal, but sadly, Azure Portal doesn't support X.509 mutual authN. I submitted a request on the Azure feedback site, but it has gotten little attention. If you think such a capability would be beneficial, could you please go vote & comment at the following URI:
please support FIDO U2F, we need a safer alternative to the Authenticator app ASAP.
FIDO Key for Office365 is an urgent requirement!
Frank Amini commented
I think that the state of security has never been as important as it is now.
When we look at society how everyone and everything interacts. Paper trails are gone and hardly mean anything.
Emails may seem like the least of priorities for some however it is the most important thing to keep secure. Every account you have online or offline are linked to emails, should anyone get into email accounts, an entire life can be in jeopardy.
We think not only emails but photos, documents you may have sent to yourself for safekeeping, cloud data, house information, bills, payment information, music and not to forget our generations new priority, social media such as Facebook and twitter, instagram to name just a couple, all those social account have now a major part in people's life and often can define their lives.
Our life are digitally imprinted and open to the world. The world has never needed security as badly as it does now.
I highly think that the U2F key are currently the best solution as they cannot be copied and only their physical presence can approve a logon.
I bought 2 ePass Fido security keys for testing, naively thinking the two factor authentication of Office 365 could use this. Big disappointment to find out that Office 365 doesn't support this kind of second authentication. The only detailed examples I found was how to bind a Google account to the Fido key, nothing on Windows, Azure or whatever :(
Chris Hills commented
I strongly support this as U2F is far more secure than OTP (SMS/token) as these can be intercepted/guessed) wheras a key on a hard token cannot be copied nor intercepted.
Maarten "merethan" van Eeuwijk commented
The browsers now have support for U2F or should have it soon. Given we've already had a successful spear phishing attack compromising one of our Office 365 accounts, I'd like to see U2F and/or FIDO2 support coming to 365 very soon.
Jonathan Gregson commented
By not supporting U2F in this day and age, Microsoft is once again proving their abounding ineptitude.
Bob Burns commented
Seems that MS is working on this, even if there is no update here. We've been looking at implementing YubiKeys and I noticed this announcement a few days ago. https://www.yubico.com/2018/04/yubico-and-microsoft-introduce-passwordless-login/
Kalle Laine commented
with 865 votes this should at least get a mod to comment about this, would be nice to know if this has even been considered at microsoft
Vikum Siriwardena commented
Has this request fallen on deaf ears? This seems to have been requested by users for several years now. Google has this implemented and has made it a seamless integration. Come on Microsoft we need this implemented at least now!
Kalle Laine commented
For my opinion this is really needed, not only for it's security side but the ease of use of it.
Do you really think an old/non tech savy employee likes to type the annoying 6 number code from e-mail or from a text message on phone (normally they don't have smart phones as work phones).
So the feature to just plug in a usb stick to your computer and press one button and by magic your autheticated.
please support FIDO U2F.
Google already does it.
Bill East commented
If Google can do it, why not you?