FIDO2 Authentication [CHK-1170]
This check determines if users can set FIDO2 as an authentication method.
Rationale
FIDO2 is a standard for phishing-resistant authentication using security keys. Enabling this method allows users to better secure their accounts.
Fix
An automated fix is available through Attic.
Manual steps:
- Navigate to the Entra ID portal at https://entra.microsoft.com
- Go to Authentication methods > Policies
- Click on "FIDO2 security key"
- Set "Enable" to "Yes"
- Under "Target", select "All users" or specific groups
- Under "Configure", set "Allow self-service set up" to "Yes"
- Click "Save"
Impact
Current configuration:
- FIDO2 Status:
- Self-registration:
Recommended configuration:
- FIDO2 Status: enabled
- Self-registration: true
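The same comparison can be run offline against the FIDO2 policy object that Microsoft Graph returns. The following is an added example, not Attic's code or part of the original check; it assumes "FIDO2 Status" corresponds to the Graph property `state` and "Self-registration" to `isSelfServiceRegistrationAllowed`, and the sample response is constructed.

```python
import json

# Microsoft Graph v1.0 resource holding the tenant's FIDO2 method policy.
FIDO2_URL = ("https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy"
             "/authenticationMethodConfigurations/fido2")
ODATA_TYPE = "#microsoft.graph.fido2AuthenticationMethodConfiguration"

# Constructed sample of a GET response from a tenant that fails the check.
SAMPLE = json.loads("""{
  "@odata.type": "#microsoft.graph.fido2AuthenticationMethodConfiguration",
  "id": "Fido2",
  "state": "disabled",
  "isSelfServiceRegistrationAllowed": false,
  "includeTargets": []
}""")


def evaluate_fido2(config):
    """Compare a FIDO2 policy object with the recommended configuration.

    Returns a dict with: passed (bool), findings (failed settings),
    warnings (manual-step items the check does not report), and patch
    (body for PATCH FIDO2_URL, or None when nothing needs changing).
    """
    findings, warnings, patch = [], [], {}

    # Assumed mapping: "FIDO2 Status" -> state
    state = str(config.get("state", "")).lower()
    if state != "enabled":
        findings.append(f"FIDO2 Status: {state or 'missing'} (recommended: enabled)")
        patch["state"] = "enabled"

    # Assumed mapping: "Self-registration" -> isSelfServiceRegistrationAllowed
    self_reg = config.get("isSelfServiceRegistrationAllowed")
    if self_reg is not True:
        findings.append(f"Self-registration: {self_reg} (recommended: true)")
        patch["isSelfServiceRegistrationAllowed"] = True

    # With no include target the method applies to nobody; choosing
    # "All users" or specific groups is left to the administrator.
    if not config.get("includeTargets"):
        warnings.append("Target: no users or groups selected")

    if patch:
        patch["@odata.type"] = ODATA_TYPE
    return {"passed": not findings, "findings": findings,
            "warnings": warnings, "patch": patch or None}


if __name__ == "__main__":
    print(json.dumps(evaluate_fido2(SAMPLE), indent=2))
```

The returned `patch` contains only the properties that differ from the recommendation, so sending it to `FIDO2_URL` leaves existing targets and key restrictions untouched.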