Microsoft | Yubico
Adopt phishing-resistant authentication

Identity is a fundamental building block of a Zero Trust strategy. With the YubiKey, adopt strong phishing-resistant multi-factor passwordless authentication and experience a smooth user experience when accessing Microsoft apps and services. Enterprises, government agencies, and consumers can prevent account takeovers and go passwordless with Microsoft Azure AD and the YubiKey.

Enterprise solutions

YubiKeys provide a bridge from legacy to modern authentication options.

Compliance & privileged users

YubiKeys address strong authentication and compliance requirements.

Consumer solutions

Microsoft users strengthen authentication with YubiKeys—from simple to complex scenarios.

Executive Order compliance

Government agencies can deploy federally validated, hardware-backed MFA across multiple applications and operating systems.

Whether your identity directory is on premises or in the cloud, accessing personal or business accounts with Microsoft, YubiKeys provide strong authentication for securing the identity access management infrastructure. YubiKeys provide a bridge from legacy to modern authentication options. The same YubiKey used for on-premises smart card deployments can be used to authenticate access to apps in the cloud through FIDO2. The versatile, multi-protocol YubiKey 5 series is your solution.

Organizations that deploy Azure AD can fight phishing attacks in Azure, Office 365, and remote desktop environments with these solutions. They are essential to mitigate phishing attacks and play a key role in supporting organizations looking to comply with the Executive Order.

Certificate-based authentication (CBA)

CBA enables organizations with existing smart card & public-key-infrastructure (PKI) deployments to authenticate to Azure AD without a federated server. Organizations can use the same YubiKey as a smart card with Azure AD enabling them to migrate away from on-premises authentication solutions like ADFS as part of their Zero Trust and cloud strategies.

Conditional Access authentication strengths: enforced FIDO or CBA policies

Organizations can fight phishing attacks by implementing specific user authentication policies which enables them to restrict authentication to their requirements. YubiKeys can be leveraged for phishing-resistant MFA for FIDO-based passwordless (FIDO2/WebAuthn) or CBA. By configuring Azure AD to require YubiKeys, organizations are eliminating an entire attack vector for their most privileged users and safeguarding their most critical assets.

Azure Virtual Desktop (AVD) supports FIDO and certificates

AVD enables users to connect to a personal workstation in the cloud. Users with a virtual desktop have the same security and work experience no matter where they are. FIDO-based passwordless authentication enables users to authenticate with their YubiKey and Azure AD passwordless credentials when the user signs into AVD or when they sign into an application inside their virtual desktop. The FIDO-based passwordless authentication solution augments the support for YubiKeys and certificate authentication currently supported in AVD.

Azure AD CBA for Android and iOS mobile devices

CBA on mobile provides users with the same convenient smart card authentication method on mobile as on desktops. YubiKey is currently the only external device that supports CBA on Android and iOS. Plus, it is the only FIPS certified phishing-resistant solution available for Azure AD on mobile. CBA is a staple of governments and high security environments for decades. With Executive Order 14028, the adoption of CBA and other phishing-resistant MFA are mandated.

Organizations that deploy Azure AD can fight phishing attacks in Azure, Office 365, and remote desktop environments with these solutions. They are essential to mitigate phishing attacks and play a key role in supporting organizations looking to comply with the Executive Order.