Microsoft and Yubico Part 4 - Enterprise Strong Authentication Recommended Action Items

This document lists all the references in the series in one easy-to-find place. Additional informational references are also provided for more detail.


Enable security keys as an available passwordless authentication method

Secure the admins by enforcing MFA

Drive more adoption of passwordless using Conditional Access Policies

Enable Windows sign-in with FIDO2 security keys

Federate your SaaS applications with Azure AD

Enable alternate MFA options for applications that don't support passwordless

  • Leverage Azure MFA OATH-TOTP capabilities with YubiKeys if passwordless sign-in cannot be leveraged.
  • Leverage SaaS applications' native MFA capabilities with YubiKeys if the SaaS application cannot be federated with Azure AD.

Synchronize your on-premises users with AAD Connect

Migrate on-premises applications federated with AD FS using Azure AD federation

Enable on-premises legacy IWA applications to use passwordless sign-in

Enable MFA for on-premises applications using RADIUS with NPS Server extension

Certificate-based sign-in with smart cards