Authentication Method - FIDO2 security key - Enforce key restrictions

Why This Matters

FIDO2 security keys provide strong phishing-resistant authentication, but without key restrictions, users can register devices from any vendor or platform. This exposes your organization to potential risks from untrusted or non-compliant hardware that may not meet your security standards. Enforcing key restrictions ensures only approved FIDO2 authenticators are used, reducing attack surface and maintaining control over authentication devices.

What Aether365 Checks

Aether365 verifies that the keyRestrictions.isEnforced setting is enabled in the FIDO2 authentication method configuration under Entra ID policies. This check appears in your Aether365 dashboard under the Entra ID security checks section.
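The check described above can be reproduced offline against an exported policy. This is an added example, not Aether365's or Microsoft's code: it assumes the JSON shape of the Microsoft Graph fido2AuthenticationMethodConfiguration resource, uses a constructed sample policy with a made-up AAGUID, and goes beyond the page by also flagging an enforced policy whose aaGuids list is empty or malformed. The function name is hypothetical.

```python
import json
import uuid

# Constructed sample shaped like the Microsoft Graph
# fido2AuthenticationMethodConfiguration resource; the AAGUID is a made-up value.
SAMPLE_POLICY = json.loads("""
{
  "id": "Fido2",
  "state": "enabled",
  "isAttestationEnforced": true,
  "keyRestrictions": {
    "isEnforced": true,
    "enforcementType": "allow",
    "aaGuids": ["00000000-0000-4000-8000-000000000001"]
  }
}
""")


def audit_fido2_key_restrictions(policy):
    """Return a list of findings; an empty list means the check passes."""
    findings = []
    if policy.get("state") != "enabled":
        findings.append("FIDO2 method state is not 'enabled'")
    kr = policy.get("keyRestrictions") or {}
    # The setting this page describes: restrictions must be enforced.
    if kr.get("isEnforced") is not True:
        findings.append("keyRestrictions.isEnforced is not true")
        return findings
    # Extra checks beyond the page: an enforced policy still needs a usable list.
    guids = kr.get("aaGuids") or []
    mode = kr.get("enforcementType")
    if mode not in ("allow", "block"):
        findings.append(f"unexpected enforcementType: {mode!r}")
    if not guids:
        findings.append(f"enforcementType {mode!r} has an empty aaGuids list")
    for g in guids:
        try:
            uuid.UUID(g)  # AAGUIDs are 128-bit identifiers written as GUIDs
        except (ValueError, AttributeError, TypeError):
            findings.append(f"aaGuids entry is not a valid GUID: {g!r}")
    return findings


if __name__ == "__main__":
    for line in audit_fido2_key_restrictions(SAMPLE_POLICY) or ["PASS"]:
        print(line)
```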

Microsoft references