Passwordless Azure VM SSH login using FIDO2 security keys (Part 2)

This post is a part of a series.

I’ve chosen the scenario where SSH login is only allowed to the user if they are connecting from a compliant device, so I need a Conditional Access policy to enforce that restriction.

Conditional Access Policy

Under cloud apps, I selected “Azure Linux VM Sign-in” and “Azure Windows VM Sign-in”. The demo will just show Linux, but either one will work.

And then I selected to grant access only when the two conditions selected are met:
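A policy like this can be checked after export. The sketch below is an added example, not code from the original post: it audits a policy in the Microsoft Graph `conditionalAccessPolicy` JSON shape and flags the cases where a compliant device is not actually enforced, for instance when the grant operator is "require one" instead of "require all". The application IDs are constructed placeholders, and `mfa` as the second grant control is an assumption, since the post's screenshot is not available.

```python
# Constructed placeholders: substitute the application IDs of "Azure Linux VM
# Sign-in" and "Azure Windows VM Sign-in" as they appear in your tenant.
LINUX_VM_SIGNIN = "00000000-0000-0000-0000-0000000000aa"
WINDOWS_VM_SIGNIN = "00000000-0000-0000-0000-0000000000bb"
REQUIRED_APPS = [LINUX_VM_SIGNIN, WINDOWS_VM_SIGNIN]

def audit_policy(policy, required_apps=REQUIRED_APPS):
    """Return findings; an empty list means a compliant device is enforced."""
    findings = []
    state = policy.get("state")
    if state != "enabled":  # report-only or disabled policies block nothing
        findings.append(f"state is {state!r}, policy is not enforced")
    apps = policy.get("conditions", {}).get("applications", {})
    included = set(apps.get("includeApplications", []))
    excluded = set(apps.get("excludeApplications", []))
    for app in required_apps:
        if app in excluded:
            findings.append(f"{app} is excluded")
        elif "All" not in included and app not in included:
            findings.append(f"{app} is not targeted")
    grant = policy.get("grantControls") or {}
    builtin = grant.get("builtInControls", [])
    # Count every kind of grant control, not only the built-in ones.
    total = (len(builtin) + len(grant.get("termsOfUse", []))
             + len(grant.get("customAuthenticationFactors", []))
             + bool(grant.get("authenticationStrength")))
    if "compliantDevice" not in builtin:
        findings.append("compliantDevice is not a grant control")
    elif total > 1 and grant.get("operator") != "AND":
        # "Require one of the selected controls": any other control suffices.
        findings.append("operator is not AND, compliant device can be bypassed")
    return findings

def make_policy(state="enabled", operator="AND", apps=REQUIRED_APPS):
    """Constructed sample policy; 'mfa' as second control is an assumption."""
    return {
        "displayName": "Constructed sample: VM sign-in",
        "state": state,
        "conditions": {"applications": {"includeApplications": list(apps)}},
        "grantControls": {"operator": operator,
                          "builtInControls": ["mfa", "compliantDevice"]},
    }

if __name__ == "__main__":
    for p in (make_policy(), make_policy(operator="OR"),
              make_policy(state="enabledForReportingButNotEnforced"),
              make_policy(apps=[LINUX_VM_SIGNIN])):
        print(audit_policy(p) or "OK")
```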

VM details

The users have been assigned either “Virtual Machine Administrator Login” or “Virtual Machine User Login” roles.

Additionally, this VM was provisioned to allow SSH using Azure AD credentials.

In part 3 of this series we’ll see the passwordless SSH login in action.
