Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Certificate-Based Authentication With YubiKeys for Microsoft, Third-Party, and Web Applications Now Available on iOS and Android

With Microsoft’s announcement on Nov. 2 of its support for Azure AD Certificate-based authentication (CBA) for both iOS and Android devices, Yubico is excited to share that the YubiKey is currently the only external device that supports CBA on Android and iOS. Plus, the YubiKey is the only FIPS certified phishing-resistant solution available for Azure AD on mobile.

Yubico worked closely with Microsoft to ensure CBA on mobile became a reality.

Microsoft’s new support provides users with the same convenient smart card authentication method on mobile devices that they have on their desktops. CBA has been a staple of governments and high security environments for decades, long before the invention of FIDO U2F and FIDO2, mostly due to its reliability and effectiveness in physical environments. With Executive Order 14028 on Improving the Nation’s Cybersecurity, the adoption of CBA and other phishing-resistant multi-factor authentication methods are mandated for civilian federal agencies in the US.

CBA is widely deployed across many industries, and remains a favorite amongst security experts. For some organizations, it is the logical choice from the available Azure offerings. With this announcement, customers can now use CBA on their mobile devices using native Azure AD CBA. When using native Azure AD CBA, organizations can reduce their existing infrastructure and move it into the cloud. Azure AD CBA capabilities can also be combined with Conditional Access policies so admins can enforce phishing-resistant sign-in methods.

CBA is currently the only form of phishing-resistant authentication within Azure that is supported on mobile devices, which is an important factor for an organization when deciding which scheme to adopt.

“Yubico has been a driving force in working with our teams to build this solution that allows Microsoft customers to securely log into their Microsoft accounts on their iPhone or Android mobile device. This is a big win for us, Yubico, and most importantly our federal government customers,” said Sue Bohn, Vice President of Product Management for Microsoft’s Identity and Network Access (IDNA) group.

Setting up CBA on Azure requires some basic configuration steps within Azure AD and installation of the Microsoft Authenticator app on Android or iOS/iPadOS. The Yubico Authenticator app is also needed on iOS/iPadOS. The PIV credential must be set up independently from the Azure solution. Your existing YubiKey PIV/smart card issuance process does not need to change.

Also, with the new Conditional Access authentication strength policies, you can enforce CBA as the required sign-in mechanism.

Yubico and Microsoft are globally recognized leaders in cybersecurity assisting public and private organizations on their journey to Zero Trust. Both Yubico and Microsoft are FIDO Alliance members and committed to providing phishing-resistant authentication solutions based on FIDO2 and certificate-based authentication standards.

Learn more

Microsoft’s mobile certificate-based solution coupled with the YubiKey is a simple, convenient, FIPS certified phishing-resistant MFA methods for organizations, and we’re excited to share additional details and best practices during our upcoming webinar, New solutions to prevent phishing with Azure AD and YubiKeys on November 3rd at 9 am PT, register here to attend.

Related News

Top 6 Cell Phone Tracker Apps for Parental Control

Top 6 Cell Phone Tracker Apps for Parental Control

Do you have difficulty knowing what your kids are up to when you’re not around? Do you want to ensure…
Moses Staff Hackers Publish Footage of Jerusalem Explosion

Moses Staff Hackers Publish Footage of Jerusalem Explosion

In a dramatic series of events, an Iranian hacker group by the name of Moses Staff published footage of the…
Watch Out Gamers: Hackers Exploiting MSI Afterburner to Deliver Coin Miner

Watch Out Gamers: Hackers Exploiting MSI Afterburner to Deliver Coin Miner

Cyble Research & Intelligence Labs (CRIL) recently uncovered a phishing campaign used by threat actors to deliver cryptocurrency miner softwares…