In this episode of the Security Swarm Podcast, our host Andy and guest speaker Jan Bakker discuss passkeys in the Microsoft ecosystem. They cover topics such as the definition of passkeys, prerequisites, tips for implementation, and the user experience. They also highlight the user-centric enrollment process, the role of conditional access, and the potential challenges and advantages of transitioning to passkeys. 

Key takeaways: 

• Passkeys are a new authentication mechanism using the FIDO2 standard, providing a secure and user-friendly passwordless experience. 
• Device-bound passkeys are more secure but not transferable between devices, while syncable passkeys offer convenience but may introduce potential security risks. 
• Passkeys enhance security by being phishing-resistant and replacing traditional passwords and MFA methods. 
• The enrollment process involves using the Microsoft Authenticator app and ensuring prerequisites like device compatibility and Bluetooth connectivity. 
• Admins can enforce authentication method policies and conditional access to control user access and enhance security. 
• User education, interface improvements, and conditional access play crucial roles in a successful transition to passkeys. 

Timestamps: 

(03:04) - Unlocking the Future of Passkeys and the Evolution of Authentication 

(06:18) - Exploring the Security Benefits of Device Bound and Syncable Passkeys 

(14:54) - How to Prepare for Passkeys in Microsoft 365 

(23:03) - Navigating the Rollout of Passkeys for Enhanced Security: Admins vs End Users 

(29:03) - Maximizing Security with Passkeys, Conditional Access, and Authentication Policies 

(33:01) - Unveiling the Convenience of Device-Bound Passkeys in Vasquez for Microsoft 365 

Episode Resources: 

Previous episode on Passkeys

Blog post of Jan