A Microsoft logo is seen during a conference in San Francisco. (Photo by Stephen Lam/Getty Images)

Microsoft on Monday announced the public preview of a single sign-on experience over Azure AD and support for passwordless authentication using Windows Hello and security devices such as FIDO2 keys.

This new functionality has been made available on Windows 10, Windows 11, and Windows Server 2022 session hosts once the administrator has installed the September Cumulative Update Preview.

In a blog post, David Belanger of Microsoft’s remote desktop services team, said with this preview, Windows administrators can do the following:

  • Enable a single sign-on experience to Azure AD-joined and Hybrid Azure AD-joined session hosts when using the Windows and the web clients.
  • Use passwordless authentication to sign-in to the host using Azure AD.
  • Run passwordless authentication inside the session when using the Windows client.
  • Leverage third-party Identity Providers (IdP) that integrate with Azure AD to sign in to the host.

For Azure AD-joined and Hybrid Azure AD-joined devices, passwordless authentication with Windows Hello or FIDO2 keys will offer IT admins secure new options for authentication, said Craig Lurey, co-founder and CTO at Keeper Security.

“Anywhere that the user experience can be improved while adding additional security is a welcome addition to Microsoft's ecosystem,” Lurey said. “However, the administrator must still ensure accounts are also protected with a strong and unique password, and managed within a secure password management system. Additionally, if the security key or Windows Hello log-in method gets lost, damaged or forgotten, a strong password must be used as a fallback authentication method.”