
I created a passkey in MS Authenticator for a client and it worked like a charm.
What a great process that was. Once I created it, when I was asked to verify my account after putting in my email address, I held up my phone to see the image as directed. It provided a link that I clicked on, and it brought up Authenticator, which knew the right ID/account that I was using. I clicked on verify and then I was in. Easy!
What is nice about this, instead of just a simple MS MFA Authenticator pop-up, is that 1, I don’t have to type a random number, and 2, I don’t have to worry about being hacked. Since this passkey is unique and I set it up, and MS verified this process, I can trust the process and do this. When this is inside of an Azure Virtual Desktop, it would be easily trusted by end users, and that is helpful for any user adoption.
We really have the tools for better security; we just need to use them.