
Authentication Method - FIDO2 security key - Restrict specific keys

Why This Matters

If the FIDO2 policy accepts any authenticator, users (or an attacker who reaches a user's registration flow) can enrol security keys your organization never vetted: unknown vendors, models with known firmware weaknesses, or counterfeit hardware. Restricting registration to approved models by AAGUID (Authenticator Attestation GUID, the 128-bit identifier a FIDO2 authenticator model reports during registration) keeps passwordless sign-in on hardware you trust. FIDO2 is already phishing-resistant by design; the key restriction adds assurance that the credential lives on an approved, attestable device. Two practical caveats: the AAGUID is only as trustworthy as the attestation statement that carries it, so enforce attestation alongside the restriction or the list is effectively advisory; and restrictions are applied at registration time, so after tightening the list review keys that were registered earlier rather than assuming the policy removes them.

What Aether365 Checks

Aether365 verifies whether the tenant's FIDO2 (passkey) authentication method policy enforces key restrictions with an allow or block list of AAGUIDs. In the Microsoft Entra admin center this setting is under Protection > Authentication methods > Policies > Passkey (FIDO2) > Configure > Key restrictions; in Microsoft Graph it is the keyRestrictions property of the fido2 authentication method configuration. The result appears in the Aether365 dashboard under Entra ID security assessments.
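The following is an added example of how such a check can be expressed in code; it is not Aether365's own implementation. It evaluates the JSON that Microsoft Graph returns for GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2 (the fido2AuthenticationMethodConfiguration resource, whose keyRestrictions object carries isEnforced, enforcementType and aaGuids). The sample policy and its AAGUID values are constructed for illustration and do not correspond to real key models; the verdict thresholds (pass, warn, fail) are this example's own choice.

```python
"""Assess an Entra ID FIDO2 (passkey) policy for AAGUID key restrictions.

Input shape follows Microsoft Graph's fido2AuthenticationMethodConfiguration.
Example code, not Aether365's implementation.
"""
import json
import uuid

# Constructed sample response (not captured from a real tenant): FIDO2 enabled,
# attestation enforced, and an allowlist of two placeholder AAGUIDs.
SAMPLE_POLICY = {
    "id": "Fido2",
    "state": "enabled",
    "isSelfServiceRegistrationAllowed": True,
    "isAttestationEnforced": True,
    "keyRestrictions": {
        "isEnforced": True,
        "enforcementType": "allow",
        "aaGuids": [
            "00000000-0000-0000-0000-000000000001",  # placeholder, not a real model
            "00000000-0000-0000-0000-000000000002",  # placeholder, not a real model
        ],
    },
}


def _valid_aaguid(value) -> bool:
    """AAGUIDs are 128-bit identifiers; require the canonical hyphenated UUID form."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False


def assess_key_restrictions(policy: dict) -> dict:
    """Return a verdict ('pass', 'warn' or 'fail') plus human-readable findings.

    'pass'  : restrictions enforced with a well-formed allow/block list and attestation on.
    'warn'  : restrictions configured, but attestation is off so AAGUIDs are unverified.
    'fail'  : no enforced restriction, bad mode, empty list, or malformed AAGUIDs.
    """
    findings = []
    if policy.get("state") != "enabled":
        findings.append("FIDO2 method is not enabled; key restrictions have no effect until it is.")

    kr = policy.get("keyRestrictions") or {}
    enforced = bool(kr.get("isEnforced"))
    mode = (kr.get("enforcementType") or "").lower()
    aaguids = kr.get("aaGuids") or []
    malformed = [g for g in aaguids if not _valid_aaguid(g)]

    if not enforced:
        findings.append("keyRestrictions.isEnforced is false: any FIDO2 authenticator can be registered.")
    if mode not in ("allow", "block"):
        findings.append(f"enforcementType is {mode!r}; expected 'allow' or 'block'.")
    if enforced and not aaguids:
        findings.append("Key restrictions are enforced but the AAGUID list is empty.")
    if malformed:
        findings.append(f"Malformed AAGUID entries: {malformed}")

    restricted = enforced and mode in ("allow", "block") and bool(aaguids) and not malformed
    if not policy.get("isAttestationEnforced"):
        findings.append(
            "isAttestationEnforced is false: a self-attesting authenticator can report any "
            "AAGUID, so the allow/block list cannot be trusted."
        )
        verdict = "warn" if restricted else "fail"
    else:
        verdict = "pass" if restricted else "fail"

    return {
        "verdict": verdict,
        "mode": mode,
        "aaguid_count": len(aaguids),
        "findings": findings,
    }


if __name__ == "__main__":
    # Stand-alone run over the constructed sample; a real assessment would feed in the
    # Graph response body (for example from `Invoke-MgGraphRequest` or an HTTP client).
    print(json.dumps(assess_key_restrictions(SAMPLE_POLICY), indent=2))
```

The verdict deliberately separates "a list exists" from "the list is trustworthy": a tenant that restricts AAGUIDs but leaves attestation off gets a warning rather than a pass, because without attestation the AAGUID is just a value the authenticator claims about itself.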

Microsoft references
