The Secret to Scalable FIDO Success: Key Takeaways from Our February Webinar with Microsoft and Thales
Date: 2025-07-09
Author: Versasec
Early this year, we hosted a comprehensive webinar with Microsoft and Thales, titled “The Secret to Scalable FIDO Success: Simplifying Key Provisioning and Lifecycle Management in Microsoft Entra ID.” The session provided valuable insights into the hidden challenges of adopting FIDO2 out-of-the-box and the secret to scaling and successfully adopting this technology.
The Alarming Rise of Identity Attacks
Microsoft’s data painted a stark picture: identity attacks are not just increasing, but accelerating. We learned that password attacks per second have surged from 579 in 2021 to over 7,000 in 2024. Furthermore, MFA fatigue attempts are a growing concern, with over 6,000 recorded per day in 2023. These figures highlight the urgent need for stronger, more resilient authentication methods beyond traditional passwords and even basic multi-factor authentication (MFA).
Streamlining FIDO Key Deployment with APIs and Solutions
The webinar also covered something critical, which we’re seeing with many of our new customers: the hidden complexities of deploying FIDO2 keys out-of-the-box.
Thales shed light on common FIDO2 deployment pain points, such as configuration management, hybrid IT ecosystem integration, and IdP registration/revocation. Gregory Vigroux, Sr. Product Manager, PKI/FIDO Product Line at Thales, explained the IdP registration/revocation pain point:
“Sometimes you can have Entra ID plus something else. Now the user has to register himself to Entra ID and to another one. So that’s very painful. And from the IT perspective as well, how will you revoke it? You will have to go to Entra ID and the second IdP to revoke the key. All of that is very painful.”
With Versasec’s vSEC:CMS, the process is simplified and a security device is automatically enrolled in an IdP like Microsoft Entra ID (or Thales SafeNet Trusted Access, PingIdentity ID, Okta, Forgerock) from the credential management platform. Versasec is revolutionizing how IT administrators and organizations worldwide seamlessly manage FIDO2 devices in the enterprise.
The latest FIDO standard (CTAP2.1) brings some control, but Thales believes that is not enough. Thales’s Enterprise Features, like Managed Mode and Enhanced PIN Management, address these challenges and build more control around FIDO2 for safe management. Gregory shared one example with us:
One of these Enterprise Features “requested a lot by our customers is the capacity to unblock the FIDO key. Today, by the standard, if the user forgets his PIN, the only solution is to fully reset the product. And then, it will lose all of its credentials. He will have to re-enroll again. And as we’ve said already it’s a burden to enroll, so it’s not really good. Thanks to this feature, now the IT admin will be able to unblock the FIDO token and ask the user to change the PIN.”
A Unified Approach to Stronger Identity Security
If you have found these hidden challenges when issuing and managing FIDO2 devices, or you would like to be prepared to manage your first FIDO2 deployment, you’ve come to the right place. Find the unified approach that Microsoft, Thales, and Versasec are bringing together to accomplish a smooth adoption of FIDO2 in the enterprise.