Office 365 for work: We need Office 365 for Work support a FIDO Universal Second Factor (U2F) protocol standard Security Key.
As many organisation would like to shift to Office 365 but they concern about the security standard which request Office 365 to support Universal Second Factor (U2F) protocol standard security key as Microsoft is a member of FIDO.
So, I wrote this idea to be a feedback request to Office team.
MS Guys, please stop ignoring this RFE. It's been raised in 2015, long time ago. We, Office365 Community, are really in the need of U2F support.
Please add support for FIDO keys for security and convenience sakes
I agree, with the increase of fishing attach we see today. I think FIDO U2F would be a great way to address this
Please support U2F or WebAuthen (https://www.w3.org/TR/webauthn/).
T. Kane commented
Please add Security Key (such as yubikey) support as well as support for non Microsoft Authenticator mobile applications (such as Google Auth, Authy, Duo Mobile, etc) for Office 365 Multi Factor Authentication.
Please add hardware-based u2f support like yubikey! Thanks!
Please add U2F support
Mark Hendricks commented
Please add U2F browser support
Please add this as a feature asap! so much better than using a mobile device/ app.
Having the option of FIDO U2F for Office 365 multi-factor authentication would be great. It would enable the use of security key devices as an alternative to mobile phones.
I would like FIDO U2F support for Outlook/365 as soon as possible.
PLEASE ADD U2F Support for O365
Norbert Gimm commented
I am posting this from my private account. But as the company IT manager I am preparing a new E-mail/communications platform while at the same time looking for someting to replce our smartcard based security. U2F (yubikey or similar) looks like my logical choice for security. And I'd expect a cloud service provider to support this. At least an official announcement that Office365/Exchange Online wil offer this in the (not so far) future would be appreciated.
Yes, this! In June 2017 NIST SP 800-63B was finalized and its draft was no secret. I am very confident Microsoft is working on offering FIDO U2F. Some news is promising that they are working on authentication: "Microsoft Unifies Azure AD and Microsoft Account Log-in Experience" last week.
I use my YubiKey on every possible site and app I have. Really need to secure our MS cloud global administrator, domain admin accounts and O365 Password Admin accounts with other than SMS 2FA tethered to a phone. Yes, we use the Micosoft Authenicator App but having a U2F is becoming a best practice in the InfoSec world.
Takashi Inaba commented
Yes, Strong Auth is really need. But when connecting to Office 365 with a smartphone application, I do not want to do F2U / FAU based authentication.
Vittorio Garbellotto commented
NIST SP 800-63B deprecated SMS/Ring/Voice 2FA.
We need an alternative, it would be better if it is standard and let us choice among different options.
To expand on why the SMS or app 2 factor is not good enough: Most people use Android, which in most cases never gets security updates.
So there is no way this will help against any directed/determined attacks.
That is besides the fact that most telecom companies can be tricked into sending out a "new" SIM for your number to an attacker, so even using a "dumb" phone doesn't help too much.
Without actual hardware like U2F the best you can say is "well, it's better than nothing".
Sam Magee commented
I need a second factor of authentication for users that don't have desk phones and won't bind their mobile phones to Office 365.
Gregory Haik commented
FIDO U2F can protect your Office 365 subscription now ! Have a look to Trustelem Cloud SSO. https://www.trustelem.com