Passport is a single sign-on web service developed and provided by Microsoft that allows users to log in to websites (like Outlook.com) and devices (e.g. Windows 10 computers and tablets, or Windows Phones). It has been around for some time, acting as a single entry point to the whole Microsoft product range. In Windows 10, Microsoft Passport is still working away, replacing user passwords with strong two-factor authentication. Authentication requires an enrolled device and a PIN code, both of which are needed for access.
Microsoft lists various benefits associated with this configuration: users should find it faster and more convenient, and any mobile device that runs Windows 10 can also be used as a remote credential for the user’s Windows 10 PC. The main benefit of the PIN appears to be security. It is local to the device and associated with the specific equipment on which it is set up, so without the corresponding hardware the PIN is useless. By removing passwords, Microsoft claims that it also helps ‘circumvent phishing and brute force attacks’, increasing security beyond previous capabilities.
If you are running Windows 10 within your organisation, you can create a Group Policy or mobile device management policy that implements Microsoft Passport on all Windows 10 devices.
Here are Microsoft’s Group Policy settings, which should enable you to configure the implementation.
These MDM policy settings use the PassportForWork configuration service provider (CSP), and will enable you to configure Passport use across your organisation.
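One way to confirm which of these policy values actually landed on a Windows 10 device is to read them back from the registry location that the Passport Group Policy writes to. The script below is an added example, not code from Microsoft or from the original post; the value names are Microsoft's documented ones rather than anything listed on this page, and the function names and the minimum PIN length baseline of 6 are assumptions chosen for illustration.

```powershell
# Added example. Function names and the minimum-length baseline are assumptions.
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # $null means the value is absent, i.e. the setting is "Not configured".
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-PassportPolicy {
    # Reads the machine-wide policy values from the local registry.
    @{
        Enabled               = Get-PolicyValue $PolicyRoot 'Enabled'
        RequireSecurityDevice = Get-PolicyValue $PolicyRoot 'RequireSecurityDevice'
        MinimumPINLength      = Get-PolicyValue "$PolicyRoot\PINComplexity" 'MinimumPINLength'
    }
}

function Test-PassportPolicy {
    param([hashtable]$Policy, [int]$BaselineMinPin = 6)
    $findings = @()
    if ($Policy.Enabled -ne 1) {
        $findings += 'Passport is not enforced by policy (Enabled is not 1).'
    }
    if ($Policy.RequireSecurityDevice -ne 1) {
        $findings += 'TPM not required; devices without one fall back to software-protected keys.'
    }
    if ($null -eq $Policy.MinimumPINLength) {
        $findings += 'Minimum PIN length not configured; the Windows default applies.'
    } elseif ($Policy.MinimumPINLength -lt $BaselineMinPin) {
        $findings += "Minimum PIN length $($Policy.MinimumPINLength) is below baseline $BaselineMinPin."
    }
    $findings   # emitted one finding per pipeline object; nothing when compliant
}

# Constructed sample: policy enabled, TPM not required, 4-character PIN minimum.
$sample = @{ Enabled = 1; RequireSecurityDevice = 0; MinimumPINLength = 4 }
Test-PassportPolicy -Policy $sample | ForEach-Object { "SAMPLE: $_" }

# Live check against the current device's applied policy.
Test-PassportPolicy -Policy (Get-PassportPolicy) | ForEach-Object { "LOCAL:  $_" }
```

Run it in a PowerShell session on the device after a policy refresh; a compliant device prints no `LOCAL:` lines.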
After you have implemented Windows Passport as a requirement through Group Policy, you will need to show your users how to set up and use the PIN. They should be aware that while they may be required to change their Active Directory or Azure Active Directory (AD) account password regularly, password changes have no effect on Passport.
The user will be prompted to choose who owns the device. This allows for BYOD policies to be included in PIN protection. Select as necessary.
You will then arrive at this screen – as you would imagine, click the ‘Create PIN’ button.
Create and confirm your chosen PIN.
As part of the two-factor authentication, you will need to enter your phone number. Microsoft will text you a verification code. Once you receive it, enter it below.
Once you’re all set up, your welcome screen will look something like this.
The PIN is a new feature for Windows 10 only, and it remains to be seen whether it delivers on the security benefits that Microsoft claims. After you’ve given it a go, if you’re not a fan, or have yet to be convinced of its power to protect, keep an eye on our blog for an upcoming post on how to disable it.