Product Communities
Sign In Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Getting started | Community guidelines
irp
New Contributor

Azure MFA with phishing resistant authentication

We are struggling to get Azure MFA set up.  We purchased the license that permits that. That is the only reason we bought that license. We use phishing resistant MFA such as FIDO key and Windows Hello.  Microsoft has been releasing conditional access rules for "require phishing resistant MFA for admins" and those rules will be set up for all at the end of Dec.  All our admins only have FIDO keys - no passwords,

 

We have set SSO up with Adobe, AutoDesk, Trimble, AFI.AI and another ERP I will not name. But, GoTo does not work. The messages we get are

Sorry, but we’re having trouble signing you in.

AADSTS75011: Authentication method 'X509, MultiFactor' by which the user authenticated with the service doesn't match requested authentication method 'Password, ProtectedTransport'. Contact the GoToMyPC application owner.

 

Or

AADSTS75011: Authentication method 'MultiFactor, Fido' by which the user authenticated with the service doesn't match requested authentication method 'Password, ProtectedTransport'. Contact the GoToMyPC application owner

 

This implies that 1. GoTo is not really supporting all of Azure's authentication. and 2. GoTo probably is  not using phishing-resistant MFA internally in their own org.

 

Adversary in the middle attacks are what 99% of phishing attacks are these days, so we need to protect ourselves, especially the admin accounts, using phishing resistant MFA.  

 

I have tried explaining this to support and I get "we support Azure MFA" as an answer.  It probably should be "we support phishing-susceptible MFA but not phishing-resistant Azure MFA."

 

‎11-16-2023 11:50 AM
0 Kudos
Reply
4 REPLIES 4
GlennD
GoTo Manager
GoTo Manager

Re: Azure MFA with phishing resistant authentication

Hi @irp, welcome to the community.

 

We are looking into this and seeing if we can recreate the issue you describe. We will post an update once we have some results.

 

Glenn is a member of the GoTo Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!.

Free new user and admin training
‎11-16-2023 02:41 PM
0 Kudos
Reply
AbhishekYadav
GoTo Moderator
GoTo Moderator

Re: Azure MFA with phishing resistant authentication

Hey @irp,
We're actively working to implement and support this feature as soon as possible. Anticipate receiving an update on its progress later this week.
‎11-19-2023 05:27 AM
0 Kudos
Reply
AbhishekYadav
GoTo Moderator
GoTo Moderator

Re: Azure MFA with phishing resistant authentication

Hey @irp ,

We have released application change to facilitate FIDO2 authentication, allowing you to perform web logins using this method.

Please note that for initial installations, it's advisable to temporarily enable the MFA option during registration, as the desktop app registration flow currently does not support the security key flow. Rest assured, we have plans to release a fix soon to support security key registration for the desktop application.

 

 

‎11-22-2023 07:48 AM
Reply
irp
New Contributor

Re: Azure MFA with phishing resistant authentication

Thank you. I think we have it mostly working now.  I am struggling a bit with how to install the agent as the agent install is wants a user name/password.   I shut off SSO to install the agent, then turned it back on. 

 

‎11-22-2023 01:36 PM
0 Kudos
Reply
About Us
Terms of Service
NEW Privacy Policy
Trademark
© 2023 LogMeIn, Inc. All Rights Reserved