Authentication Method - FIDO2 security key - Enforce attestation
Requires the FIDO security key metadata to be published and verified with the FIDO Alliance Metadata Service, and also to pass Microsoft's additional set of validation testing.
Name | isAttestationEnforced |
Control | Authentication Method - FIDO2 security key |
Description | Define configuration settings and users or groups that are enabled to use FIDO2 security keys |
Severity | High |
How to fix
Microsoft Learn - Enable passkeys (FIDO2) for your organization: Enforce attestation
Details of configuration item
Recommendation | |
Configuration | policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2') |
Setting | isAttestationEnforced |
Recommended Value | 'true' |
Default Value | true |
Graph API Docs | fido2AuthenticationMethodConfiguration resource type - Microsoft Graph v1.0 - Microsoft Learn |