Fido 2 Stick works when Microsoft Entra fails/ not available? compatible with Citrix Workspace (VM).

KonstantinSilka 0 Reputation points
2023-09-26T11:40:41.0366667+00:00

Just thinking about going to Fido2 security sticks for MFA. A hybrid deployment is being considered. On-Premise AD must remain.

I still have the following questions:

  • Windows 10 login against the domain would be possible without problems?
  • What if Microsoft Entra fails? Will authentication still work then? How long would the authentication work?
  • Will the Fido 2 stick work on Citrix Workspace (VM)?

thanks

Microsoft Entra
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Fabio Andrade 1,660 Reputation points Microsoft Employee
    2023-09-26T22:14:25.52+00:00

    Hi @KonstantinSilka ,

    Thanks for posting your question on Microsoft Q&A.

    The documentation below has more detailed information about using FIDO keys for Windows Sign-In:

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key-windows

    Besides, I'm sending some answers for your questions:

    1 - You can use your FIDO keys to sign in with onpremises resources if you have a Hybrid environment, now called Microsoft Entra Hybrid Joined Devices. This document has more details about the prerequisites https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key-windows#requirements

    Also, this other document details the steps to configure FIDO key to access the onpremises resources: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises

    2 - If EntraID is unavailable, users can still fallback to user/password or any other cached method in place

    3 - Using FIDO with VDI, RDP or Citrix is not supported at this moment.

    Hope it helps you with your decision!

    Thanks

    0 comments No comments

  2. Fabio Andrade 1,660 Reputation points Microsoft Employee
    2023-10-12T22:14:47.0166667+00:00

    Hi @KonstantinSilka

    I wanted to check in and see if you had any other questions or if you were able to resolve this issue?

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

    0 comments No comments

  3. Fabio Andrade 1,660 Reputation points Microsoft Employee
    2023-10-17T21:09:42.17+00:00

    Hi @KonstantinSilka

    I wanted to check in and see if you had any other questions or if you were able to resolve this issue?

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

    0 comments No comments

  4. Fabio Andrade 1,660 Reputation points Microsoft Employee
    2023-10-26T20:42:56.14+00:00

    Hi @KonstantinSilka

    I wanted to check in and see if you had any other questions or if you were able to resolve this issue?

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.