Tag Archives: Security

Use biometrics within Remote Desktop

With Windows 10 version 1809, also known as the Windows 10 October 2018 Update, you can use biometrics to authenticate to a remote desktop session, as long as Windows Hello for Business is allowed and configured with both Azure Active Directory and Active Directory users.

Windows will automatically prompt you for biometrics when you create a remote desktop session to, for example, a Windows 2016 Server, if you have logged in to your own computer using Windows Hello for Business.

Intune: Require non-biometric PIN after a specified timeout

With the latest update to Intune, it is now possible to require a non-biometric PIN after a specified timeout, which improves the security of Mobile Application Management (MAM) enabled apps.

This setting affects users who rely on Touch ID (iOS), Face ID (iOS), Android Biometric, or other future biometric authentication methods to access their MAM-enabled applications.

These settings enable Intune admins to have more granular control over user access, eliminating cases where a device with multiple fingerprints or other biometric access methods can reveal corporate data to an incorrect user.

To enable the new feature, go to the Microsoft 365 Device Management portal -> Client apps -> App protection policies -> Create policy OR Change an existing policy -> Settings -> Access requirements


Password-less Azure AD sign-in

You can now use the Microsoft Authenticator app on your mobile phone to sign in to any Azure AD account without entering a password. If you enable this feature in your tenant, users who have enabled phone sign-in in the Microsoft Authenticator app will now see a message telling them to tap a number in their app when they are logging in to Azure AD.

You might already know this feature from Windows Hello for Business, where the Microsoft Authenticator uses key-based authentication to enable a user credential that is tied to a device and uses a biometric or PIN.

Prerequisites:

  • Azure Active Directory
  • End users enabled for Azure Multi-Factor Authentication
  • Users can register their devices

How to enable it:

  • Install the public preview release of the Azure Active Directory V2 PowerShell Module
    • Install-Module -Name AzureADPreview -RequiredVersion 2.0.1.18
  • In PowerShell, run two commands:
    • Connect-AzureAD
    • New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}' -IsOrganizationDefault $true -DisplayName AuthenticatorAppSignIn

Run the command Get-AzureADPolicy to see if it is active in your tenant
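Listing the policies shows that one exists, not that it is switched on and applied tenant-wide. The following check is an added example, not part of the original post or of Microsoft's module: the function name Test-AuthenticatorSignInPolicy is hypothetical, and the property names (Type, Definition, IsOrganizationDefault, DisplayName) are assumed to match what Get-AzureADPolicy returns. The sample objects are constructed so the block runs offline.

```powershell
# Added example: audit policy objects shaped like Get-AzureADPolicy output.
function Test-AuthenticatorSignInPolicy {
    param(
        [Parameter(Mandatory)]
        [AllowNull()]
        [AllowEmptyCollection()]
        [object[]]$Policy
    )
    $found = @($Policy | Where-Object { $_.Type -eq 'AuthenticatorAppSignInPolicy' })
    if ($found.Count -eq 0) {
        return [pscustomobject]@{ State = 'Missing'; Detail = 'No AuthenticatorAppSignInPolicy in tenant' }
    }
    foreach ($p in $found) {
        # Definition is a list of JSON strings; a malformed one must not count as enabled.
        $enabled = $false
        foreach ($json in @($p.Definition)) {
            try {
                $def = $json | ConvertFrom-Json -ErrorAction Stop
                if ($def.AuthenticatorAppSignInPolicy.Enabled -eq $true) { $enabled = $true }
            } catch {
                Write-Warning "Policy '$($p.DisplayName)' has an unparsable definition"
            }
        }
        if ($enabled -and $p.IsOrganizationDefault) {
            return [pscustomobject]@{ State = 'Enabled'; Detail = "Tenant default: $($p.DisplayName)" }
        }
    }
    [pscustomobject]@{ State = 'NotEffective'; Detail = 'Policy exists but is disabled or not the organization default' }
}

# Constructed sample objects (not real tenant data).
$sample = @(
    [pscustomobject]@{
        DisplayName = 'AuthenticatorAppSignIn'; Type = 'AuthenticatorAppSignInPolicy'
        IsOrganizationDefault = $true
        Definition = @('{"AuthenticatorAppSignInPolicy":{"Enabled":true}}')
    },
    [pscustomobject]@{
        DisplayName = 'TokenLifetime'; Type = 'TokenLifetimePolicy'
        IsOrganizationDefault = $true
        Definition = @('{"TokenLifetimePolicy":{"Version":1}}')
    }
)
Test-AuthenticatorSignInPolicy -Policy $sample

# Against a live tenant, after Connect-AzureAD:
#   Test-AuthenticatorSignInPolicy -Policy @(Get-AzureADPolicy)
```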


Webinar: Data Loss Prevention

Next month I will host a webinar about Data Loss Prevention in Microsoft 365, as it seems to be quite a hot topic.

I will talk about how you identify sensitive information across Exchange Online, SharePoint Online, and OneDrive for Business, and how you can monitor and protect your sensitive information from being accidentally shared.

Join my webinar October 10 at 19:00 to 20:30

Join the Data Loss Prevention Webinar on Skype