You need to configure authentication for the app.
Which two technologies should you use? Each correct answer presents part of the solution.
A. Windows Hello
B. Windows Kerberos
C. Azure Active Directory
D. Microsoft Passport
Correct Answer: AD
Explanation/Reference:
Microsoft Hello
Microsoft Hello provides simple multi-factor authentication using facial recognition (or iris, or fingerprints) that is used to access the Microsoft Passport private key stored in the secure TPM chip. For the first time, Microsoft has included the biometric software (middleware) in Windows 10 to support biometrics for authentication. In previous versions of Windows, the OEM (HP, Dell, Lenovo, etc.) needed to add its own biometric middleware to support biometric authentication.
From scenario: The app must meet the following requirements related to security:
Use multi-factor authentication (MFA) by using email and a verification code to identify the user.
Securely store credentials and retrieve credentials.
Automatically sign in the user irrespective of the device that is used to sign in to the app.
Store the resource name within the app itself.
Connect to an authentication app by using the URI schema fabrikam-security://oauth/.
Note: Microsoft Passport
Microsoft has resurrected the Passport moniker for a new PKI credential system that requires multi-factor authentication. Most interesting about Microsoft Passport is that it fully supports the Fast IDentity Online (FIDO) Alliance standards, which means it will work with many web/cloud services without modification.
The plan is that, for users of cloud services supporting FIDO, there will no longer be passwords associated with the user’s account.
Microsoft Passport involves a user logging onto the Windows 10 computer with multi-factor authentication (PIN, face, iris, fingerprint, etc.) and either creating a new account or associating an existing account with an IDentity Provider (IDP). Windows generates a public/private key pair, with the private key stored securely outside of the Windows 10 OS. The public key is associated with the account so that the IDP can send a challenge that only the holder of the private key can answer correctly. Another key point of the Microsoft Passport credential system is that the user needs to enroll every device used to access the service (IDP).
Reference: https://adsecurity.org/?p=1535
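The enrollment and challenge flow described in the Microsoft Passport note, sketched from the IDP's side as an added example (not part of the original explanation and not Microsoft's code). `IdentityProvider`, `makeDevice` and `demo` are hypothetical names, and an in-memory P-256 key stands in for the TPM-protected private key.

```javascript
// Added illustration: IDP side of per-device key enrollment and challenge-response.
// Hypothetical names throughout; not Microsoft's implementation.
const crypto = require('crypto');

class IdentityProvider {
  constructor() {
    this.enrolled = new Map(); // "user|device" -> public key (the IDP never holds a private key)
    this.pending = new Map();  // "user|device" -> outstanding one-time challenge
  }
  enroll(user, deviceId, publicKey) {
    this.enrolled.set(`${user}|${deviceId}`, publicKey);
  }
  issueChallenge(user, deviceId) {
    const id = `${user}|${deviceId}`;
    if (!this.enrolled.has(id)) return null; // this device was never enrolled
    const challenge = crypto.randomBytes(32);
    this.pending.set(id, challenge);
    return challenge;
  }
  verify(user, deviceId, signature) {
    const id = `${user}|${deviceId}`;
    const challenge = this.pending.get(id);
    if (!challenge) return false;  // nothing outstanding, or already consumed
    this.pending.delete(id);       // single use, so a captured response cannot be replayed
    return crypto.verify('sha256', challenge, this.enrolled.get(id), signature);
  }
}

// Stand-in for a device. In the scheme described above the private key sits in
// the TPM and signs only after the Hello gesture (PIN or biometric) succeeds.
function makeDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { publicKey, sign: (challenge) => crypto.sign('sha256', challenge, privateKey) };
}

function demo() {
  const idp = new IdentityProvider();
  const laptop = makeDevice();
  const phone = makeDevice(); // second device, deliberately not enrolled
  idp.enroll('alice', 'laptop', laptop.publicKey);
  const sig = laptop.sign(idp.issueChallenge('alice', 'laptop'));
  const enrolledOk = idp.verify('alice', 'laptop', sig);
  const replayOk = idp.verify('alice', 'laptop', sig);     // same response sent again
  const unenrolled = idp.issueChallenge('alice', 'phone'); // no key on file for this device
  const c2 = idp.issueChallenge('alice', 'laptop');
  const wrongKeyOk = idp.verify('alice', 'laptop', phone.sign(c2)); // another device's key
  return { enrolledOk, replayOk, unenrolled, wrongKeyOk };
}
```

Only the enrolled device's response is accepted; the replayed response, the unenrolled device, and a signature made with a different device's key are all rejected, which is why each device has to be enrolled separately.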