EIDSCA.AF03 - Authentication Method - FIDO2 security key - Enforce attestation.
Overview
Requires the FIDO security key metadata to be published and verified with the FIDO Alliance Metadata Service, and also pass Microsoft's additional set of validation testing.
Test script
https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')
.isAttestationEnforced -eq 'true'
Related links
- Open in Graph Explorer
- fido2AuthenticationMethodConfiguration resource type - Microsoft Graph v1.0 | Microsoft Learn
Test Metadata
| Field | Value |
|---|---|
| Test ID | EIDSCA.AF03 |
| Severity | High |
| Suite | Entra ID SCA |
| Category | General |
| PowerShell test | Test-MtEidscaAF03 |
| Tags | EIDSCA, EIDSCA.AF03 |
Source
- Pester test:
tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1 - PowerShell source:
powershell/internal/eidsca/Test-MtEidscaAF03.ps1