
[FEATURE] Implement Edge WebView for FIDO2 or Windows Hello Support

Open Mac-Chiato opened this issue 1 year ago • 2 comments

A lot of modern companies require using FIDO2 for users or at least admins. Microsoft already migrated their own MG modules to work with authentication based on security keys etc. by moving from the iexplore engine to Edge WebView. This does not currently work with PnP.

Modern authentication should also be supported by PnP.

Mac-Chiato avatar May 24 '24 08:05 Mac-Chiato

@Mac-Chiato - how do I get this screen in my tenant? Can you point me to the docs for this? It would help me better investigate and work on it.

gautamdsheth avatar May 29 '24 12:05 gautamdsheth

@gautamdsheth First off, you need a license that includes Conditional Access. Then you can create a policy that blocks access if a defined level of authentication strength cannot be guaranteed. A description is here: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-strengths

For developers, there is additional info in this article: https://learn.microsoft.com/en-us/entra/identity-platform/support-fido2-authentication#desktop

Mac-Chiato avatar May 29 '24 12:05 Mac-Chiato

Hello @Mac-Chiato, thanks for raising the feature request. Starting with tomorrow's nightly builds, we have added support for Windows Hello.

To use the , you will have to connect as below:

Connect-PnPOnline -Url <url> -Interactive -EnableLoginByWAM

This will open the Windows auth broker instead of the popup. Hope it helps!

gautamdsheth avatar Aug 28 '24 17:08 gautamdsheth

There is no such thing as -EnableLoginByWAM?

ztrhgf avatar Oct 30 '24 09:10 ztrhgf