Microsoft & Intercede Logo Banner

Microsoft Intune integrates MyID to help customers authenticate using mobile credentials

Phil Edge November 5th 2019 PIV

Intercede has worked with Microsoft to integrate MyID® into Microsoft Intune for mobile authentication.

The integration provides a secure, passwordless method for organisations to derive smart card credentials to iOS devices. Support for Android Enterprise fully managed devices and Windows 10 is expected in the future.

Evolving to embrace mobile

Many organisations operate passwordless multi-factor authentication for employees using smart cards. Employees and contractors use the smart card and a reader to authenticate themselves for secure access to desktops and laptops.

Smart cards enable users to authenticate for secure access to apps, websites, Wi-Fi, VPN, and enables S/MIME to sign and encrypt email.

With mobile devices in regular use across federal agencies and enterprises, many organisations are looking at how they can enable employees and contractors to make use of the technology whilst maintaining a highly secure environment.

To help organisations embrace mobile devices across their workforce, the National Institute of Standards and Technology (NIST) created guidelines for derived Personal Identity Verification (PIV) credentials as part of Special Publication (SP) 800-157. NIST’s guidelines provide the technical requirements necessary for physical smart card users to obtain strong credentials that can then be written easily to their mobile device for authentication, S/MIME signing and encryption.

MyID and Microsoft Intune for derived credentials – how does it work?

A comprehensive walk through of the Microsoft Intune mobile device enrolment flow with derived credentials is available on Microsoft’s Tech Community blog, however, in short after enrolling their mobile device with Microsoft Intune a smart card user goes to a computer with a connected smart card reader, and authenticates to MyID using the card and user PIN. After scanning a QR code displayed on the computer screen, MyID will then issue a digital certificate to the user’s mobile device, effectively deriving the trusted identity from the smart card on to the individual’s mobile device. The certificates are then available to Microsoft Intune to use for App Authentication, Email, VPN, S/MIME signing and encryption and Wi-Fi authentication.

Derived credentials deliver high security, passwordless strong authentication across desktop, laptop, tablet and mobile devices. Providing seamless and highly secure authentication for end users across the devices they want to use.

You can find out more about MyID for derived credentials here.

Trusted by Governments and Enterprises Worldwide

Where protecting systems and information really matters, you will find Intercede.  Whether its citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose Intercede solutions to protect themselves against data breach, comply with regulations and ensure business continuity.