
Start the Azure Active Directory admin center, go to Users and find the standard user you want to make an Intune Administrator.
In this part of the blog post I will walk through setting up a standard user in Azure AD with role-based access control (RBAC).
Set up an Azure Active Directory user as Intune Administrator
Now you are ready to have your users enroll their FIDO2 security keys.
Set Enforce key restriction to No (when you are starting to test).
Start the Azure Active Directory admin center.
If your tenant is already set up to use security keys, you can skip this part.
Setting up your tenant for security keys:
WebAuthN requires Windows 10 version 1809 or higher.
Combined security information registration preview.
You should not give up on Conditional Access and MFA just because you are looking at other solutions. So to find a solution that also works for administrators, I think that FIDO2 keys are a nice and easy way to get started. It is important to start looking at going passwordless; for the normal user, Windows Hello for Business on Windows 10 is starting to get adopted. Role Based Access Control (RBAC) is important for many enterprises, but I still see users that are not Global Admin in a tenant using extra security, so that is the main reason I created this blog post: to show a new way of securing your privileged roles inside your Azure Active Directory. In this blog post I will walk you through setting up your Azure Active Directory tenant to allow FIDO keys, creating an Intune Admin user with rights only to Intune, and what the IT admin end-user experience is.
Security keys are not only for end users; they can also be for administrators who are logging in to a web service, in this case Microsoft Endpoint Manager admin center. Using security keys like FIDO2 keys when you are logging in to a service helps you go passwordless.