Azure AD Sign-In Experience for Windows 10 Users - Best Authentication Method Recommendation

Secure Azure AD Sign-In Experience for Windows 10 Users

Question

You have been tasked by your company to propose an Azure AD sign-in experience for your users and need to recommend an authentication method.

All devices are on Windows 10 OS.

You must recommend the most secure solution.

What should you recommend?

Answers

Explanations


Correct Answer: C

Out of these alternatives, Windows Hello for Business is considered most secure.

It replaces passwords with strong two-factor authentication on PCs and mobile devices, and addresses the following problems with passwords:

- People reuse passwords across multiple sites because passwords are hard to remember.
- Users may unknowingly expose their passwords through phishing attacks.
- Server breaches can expose symmetric network credentials.
- Users are exposed to replay attacks.

Review the table from the MS docs regarding the security level of the different authentication methods:

Authentication method            Security   Usability   Availability
Windows Hello for Business       High       High        High
Microsoft Authenticator app      High       High        High
FIDO2 security key               High       High        High
OATH hardware tokens (preview)   Medium     Medium      High
OATH software tokens             Medium     Medium      High
SMS                              Medium     High        Medium
Voice                            Medium     Medium      Medium
Password                         Low        High        High

Option A is incorrect.

SMS-based authentication is not currently compatible with Azure AD Multi-Factor Authentication.

It is not the most secure option.

Option B is incorrect.

Software OATH tokens are typically applications such as the Microsoft Authenticator app and other authenticator apps.

Azure AD generates the secret key that is input into the app and used to generate each OTP.

Windows Hello for Business is the more secure alternative.

Option D is incorrect.

Passwords are usually used for legacy applications that don't support modern authentication, and they can be configured for per-user Azure AD Multi-Factor Authentication.

This is the least secure alternative.

To know more about Windows Hello for Business, please refer to the link below:

The most secure authentication method recommended for the Azure AD sign-in experience on Windows 10 devices is Windows Hello for Business.

Windows Hello for Business is a biometric authentication method that provides a password-free sign-in experience for users. It supports various authentication factors such as fingerprint recognition, facial recognition, and iris scanning, which are more secure than traditional passwords.

SMS and passwords are not secure enough for authentication, as SMS messages can be intercepted and passwords can be easily guessed or stolen. OATH software tokens provide an additional layer of security, but they require users to have a separate device to generate the token, which may not be convenient for all users.

Windows Hello for Business, on the other hand, is built into the Windows 10 operating system and can be easily integrated with Azure AD. It uses strong cryptography to protect user credentials, making it difficult for attackers to intercept or steal them. It also supports multi-factor authentication, which provides an additional layer of security.

Overall, Windows Hello for Business is the most secure authentication method recommended for the Azure AD sign-in experience on Windows 10 devices.