With many employees suddenly working from home, there are things an organization and employees can do to help remain productive without increasing risk.
Identity & Access Management
Earning and retaining the public’s trust requires a modern approach to protecting data. Governments can adopt a Zero Trust approach to cybersecurity with the help of Microsoft 365.
The post Government data protection—earning and retaining the public’s trust with Microsoft 365 appeared first on Microsoft 365 Blog.
We just turned on the ability to securely sign in with your Microsoft account using a standards-based FIDO2 compatible device—no username or password required!
The post Secure password-less sign-in for your Microsoft account using a security key or Windows Hello appeared first on Microsoft 365 Blog.
Today I’m going to blog about something a bit different: the important role identity open standards play in accelerating innovation. If you’re an identity geek or an open standards geek, or just interested in understanding where we believe the future of identity is headed, I think you’ll find it interesting.
At Microsoft, we firmly believe that open identity standards accelerate innovation. Some of you might think this is an oxymoron. Let me explain why it isn’t.
By building upon widely implemented industry standards, innovators are free to focus on the innovative aspects of their work, letting existing standards do the heavy lifting for the needs of their projects that standards already address. The potential for use of cryptographic and digital identity standards in decentralized systems illustrates this point.
Microsoft is deeply engaged with a ton of innovative members of the identity community, and we’re all working together to design and prototype an open standards–based approach to decentralized public key–based identity systems. Needless to say, we are VERY excited by the potential here.
We love what’s happening and the way innovators are coming together to enable new digital identity possibilities. All of us want these possibilities to achieve their promise as quickly as possible. Integrating and maintaining interoperability with existing identity management systems—all based on standards—will be key to accelerating this process.
Standards play a huge role in enabling innovation in decentralized public key–based identity systems. By using widely adopted industry cryptographic and data representation standards as an agreed framework, innovators in this space can achieve laser focus on the unique value that they’re adding. Furthermore, use of standards, where applicable, will facilitate faster adoption as decentralized public key–based systems move from prototypes to production systems.
To make things concrete, we believe that use of the following standards will accelerate innovation when building decentralized identity systems:
- JWK [RFC 7517] is a widely deployed representation of cryptographic keys.
- JWS [RFC 7515] is a simple, flexible representation of digital signatures.
- JWE [RFC 7516] is a no-nonsense JSON-based representation of encrypted content.
- JWA [RFC 7518] defines an initial set of algorithms for use with all the above.
- JWT [RFC 7519] is a simple, powerful, widely deployed representation of claims (JWT is often used for representing verified claims).
- CBOR [RFC 7049] defines a compact binary data representation, which can be used as an alternative to JSON [RFC 8259] when size is at a premium.
- COSE [RFC 8152] is the CBOR equivalent of JWK, JWS, JWE, and JWA.
- CWT [RFC 8392] is the CBOR equivalent of JWT, providing a binary claims representation.
- W3C Web Authentication and FIDO Client to Authenticator Protocol (CTAP) employ the building blocks above for public key–based authentication.
Great standards not only solve current use cases but enable solving new ones. The JOSE [RFC 7515-7518] and JWT [RFC 7519] standards and their binary equivalents explicitly enable innovation while still using the standards. How is this possible?
While JWA [RFC 7518] defined how to use a set of commonly used cryptographic algorithms with JWS, JWE, and JWK, it also established the IANA JOSE Algorithms registry to enable additional algorithms to be used for new use cases, without having to revise the JOSE standards. For instance, RFC 8037 defined how to use new elliptic curves with JWS, JWE, and JWK. Microsoft is currently working with decentralized systems implementers on registering the secp256k1 algorithm for use with JWS and COSE. And when new cryptographic algorithms are invented, new identifiers can and will be registered for them in the IANA JOSE Algorithms registry.
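The registry mechanism described above can be seen in a few lines of code. This is an added example, not code from the original post or from Microsoft: a JWS compact-serialization signer and verifier using only the Python standard library, where `ALGORITHMS` and `register_algorithm` are hypothetical names for a local stand-in for the IANA JOSE Algorithms registry. HS512 is already defined in RFC 7518; it is registered late here only to show that a new `alg` identifier plugs in without changing the signing or verification code, and the key and claims are constructed sample values.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Hypothetical local stand-in for the IANA JOSE Algorithms registry:
# maps an "alg" identifier to a function (key, signing_input) -> signature.
ALGORITHMS = {
    "HS256": lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
}

def register_algorithm(name, mac_fn):
    """Add an identifier without touching jws_sign / jws_verify."""
    ALGORITHMS[name] = mac_fn

def jwk_key(jwk: dict) -> bytes:
    # This sketch handles symmetric JWKs (kty "oct", RFC 7518) only.
    if jwk.get("kty") != "oct":
        raise ValueError("unsupported JWK key type")
    return b64u_decode(jwk["k"])

def jws_sign(payload: dict, jwk: dict, alg: str) -> str:
    header = {"alg": alg, "typ": "JWT"}
    parts = [json.dumps(p, separators=(",", ":")).encode() for p in (header, payload)]
    signing_input = ".".join(b64u(p) for p in parts)
    sig = ALGORITHMS[alg](jwk_key(jwk), signing_input.encode("ascii"))
    return signing_input + "." + b64u(sig)

def jws_verify(token: str, jwk: dict, allowed: set) -> dict:
    h64, p64, s64 = token.split(".")
    alg = json.loads(b64u_decode(h64)).get("alg")
    # The verifier's own allowlist decides; the token header only selects from it.
    if alg not in allowed or alg not in ALGORITHMS:
        raise ValueError(f"algorithm not accepted: {alg!r}")
    expected = ALGORITHMS[alg](jwk_key(jwk), f"{h64}.{p64}".encode("ascii"))
    if not hmac.compare_digest(expected, b64u_decode(s64)):
        raise ValueError("signature mismatch")
    return json.loads(b64u_decode(p64))

# Constructed sample key and claims (not real credentials).
SAMPLE_JWK = {"kty": "oct", "k": b64u(b"constructed-demo-key-32-bytes-xx")}
SAMPLE_CLAIMS = {"iss": "https://issuer.example", "sub": "alice"}
```

A verifier keeps its `allowed` set independent of the registry, so registering a new identifier extends what can be produced without silently widening what a given relying party accepts.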
Microsoft is building a proof of concept for decentralized identities based on these robust industry standards. We’d like to invite others to join us using this approach. Together we can dramatically accelerate innovation and rapid adoption.
We’re excited to see what we’ll achieve together!
Alex Simons (Twitter: @Alex_A_Simons)
Corporate Vice President of Program Management
Microsoft Identity Division
We heard our customers loud and clear—they want support for the Microsoft Authenticator app on Apple Watch. So, that’s why I’m thrilled to announce we are starting to roll out the public preview of the Microsoft Authenticator companion app for Apple Watch and plan to release to general availability within the next few weeks. This experience will allow you to approve sign-in notifications that require PIN or biometric on your Watch without having to use your phone.
The Microsoft Authenticator app on Apple Watch supports Microsoft personal, work, and school accounts that are set up with push notifications. All supported accounts automatically sync to the Watch.
Try it out
To test drive the app, upgrade to Microsoft Authenticator v. 6.0.0+ on your phone when it becomes available to you. If you want to try it out before it’s generally available, sign up to become a Microsoft Authenticator TestFlight user.
Once you have the upgrade installed, just follow these three steps:
- Make sure your phone and Watch are paired.
- Open the Microsoft Authenticator app on your Watch.
- Under the account title, tap the Set up button. If there’s no Set up button next to your account, no action is required! You can now approve sign-in notifications on your Watch.
To see the full experience in action, sign in to your account using the Microsoft Authenticator. When a notification comes to your Watch, you can easily and quickly approve.
From a security standpoint, we still consider the experience on the Watch as two-step verification. The first factor is your possession of the Watch. The second factor is the PIN that only you know. When you put the Watch on your wrist in the morning, you will need to unlock it. As long as you don’t remove the Watch from your wrist and it stays within range of your phone, it will stay unlocked—so you don’t need to provide your PIN again.
If you have additional questions, please see our Microsoft Authenticator app FAQ page. Also, feel free to comment below—we would love to hear your feedback and suggestions.
Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity Division
The post Microsoft Authenticator companion app for Apple Watch now in public preview appeared first on Microsoft 365 Blog.