Passwords

EntraFIDOFinder: New Web UI and Over 70 New Authenticators

January 26, 2026 by ClaytonT Leave a Comment

You read that right, over 70 new authenticators are now approved for Entra Attestation and have been add to the web ui and the PowerShell module! I knew they had to be holding back after these last few updates. Also I’ve updated the web UI and curious of your thoughts. I wanted to make it more modern and easier to view, especially the details window.

Here are a few of the new authenticators, but check the change log for the full list.

Android Authenticator

AAGUID: b93fd961-f2e6-462f-b122-82002247de78

Supported Interfaces:

Interface	Supported
Biometric	✅
USB	❌
NFC	❌
BLE	❌

ATLKey Authenticator

AAGUID: 019614a3-2703-7e35-a453-285fd06c5d24

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	✅
NFC	❌
BLE	❌

Dapple Authenticator from Dapple Security Inc.

AAGUID: 6dae43be-af9c-417b-8b9f-1b611168ec60

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	❌
NFC	❌
BLE	❌

Deepnet SafeKey/Classic (FP)

AAGUID: e41b42a3-60ac-4afb-8757-a98f2d7f6c9f

Supported Interfaces:

Interface	Supported
Biometric	✅
USB	❌
NFC	❌
BLE	❌

Deepnet SafeKey/Classic (USB)

AAGUID: b9f6b7b6-f929-4189-bca9-dd951240c132

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	❌
NFC	❌
BLE	❌

ellipticSecure MIRkey USB Authenticator

AAGUID: eb3b131e-59dc-536a-d176-cb7306da10f5

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	✅
NFC	❌
BLE	❌

Ensurity AUTH BioPro Desktop

AAGUID: 9eb85bb6-9625-4a72-815d-0487830ccab2

Supported Interfaces:

Interface	Supported
Biometric	✅
USB	✅
NFC	❌
BLE	❌

Ensurity AUTH TouchPro

AAGUID: 50cbf15a-238c-4457-8f16-812c43bf3c49

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	✅
NFC	❌
BLE	❌

I’ve been working on better ways to see what keys have been added, removed, or modified, as well as approving valid vendors. It’s not perfected yet, but when I get closer, I’ll do a demo of it.

Let me know what you think of the new design and what functionality you wish it had. Also are there any keys you wish were attestation approved for Entra?

Where to get:
PowerShell Gallery: https://www.powershellgallery.com/packages/EntraFIDOFinder/0.0.22
Github: https://github.com/DevClate/EntraFIDOFinder/tree/main
Web UI: https://devclate.github.io/EntraFIDOFinder/Explorer/

Appreciate you taking the time and stay safe out there!

v0.0.20 EntraFIDOFinder is out

October 20, 2025 by ClaytonT Leave a Comment

4 New keys have been added and a few changes in capabilities!

New Keys:

Hyper FIDO Pro NFC – 23195a52-62d9-40fa-8ee5-23b173f4fb52
Hyper FIDO Pro (CTAP2.1, CTAP2.0, U2F) – 6999180d-630c-442d-b8f7-424b90a43fae
DEMIA SOLVO Fly 80 R3 FIDO Card c – dda9aa35-aaf1-4d3c-b6db-7902fd7dbbbf
IDEMIA SOLVO Fly 80 R3 FIDO Card e – def8ab1a-9f91-44f1-a103-088d8dc7d681

Updated Keys:

Updated ‘NFC’ for AAGUID ‘3f59672f-20aa-4afe-b6f4-7e5e916b6d98’ from ‘✅’ to ‘❌’.
Updated ‘USB’ for AAGUID ‘b12eac35-586c-4809-a4b1-d81af6c305cf’ from ‘✅’ to ‘❌’.
Updated ‘NFC’ for AAGUID ‘b12eac35-586c-4809-a4b1-d81af6c305cf’ from ‘✅’ to ‘❌’.
Updated ‘NFC’ for AAGUID ‘9d3df6ba-282f-11ed-a261-0242ac120002’ from ‘✅’ to ‘❌’.
Updated ‘USB’ for AAGUID ’39a5647e-1853-446c-a1f6-a79bae9f5bc7′ from ‘❌’ to ‘✅’.
Updated ‘BLE’ for AAGUID ’39a5647e-1853-446c-a1f6-a79bae9f5bc7′ from ‘❌’ to ‘✅’.
Updated ‘USB’ for AAGUID ‘820d89ed-d65a-409e-85cb-f73f0578f82a’ from ‘❌’ to ‘✅’.
Updated ‘BLE’ for AAGUID ‘820d89ed-d65a-409e-85cb-f73f0578f82a’ from ‘❌’ to ‘✅’.

How have your FIDO2 implementations been going? Would love to hear your stories!

PowerShell Gallery: https://www.powershellgallery.com/packages/EntraFIDOFinder/0.0.20
GitHub: https://github.com/DevClate/EntraFIDOFinder

Did you know: SSPR/Password Reset Edition

August 18, 2025 by ClaytonT Leave a Comment

Did you know if you convert to the combined experience for SSPR and password reset, you can remove less secure phone, email, and text authentication? This is as long as you have Authenticator registered and higher methods allowed. See below for SSPR.

This works for SSPR and for password reset through My Sign-Ins.

The gotcha is if you have 2 methods required for SSPR, it will say your not registered for SSPR even if your enabled for it, but only have 1 method (Microsoft Authenticator) registered. As you can see below.

I would definitely recommend adding more secure options as well but at the minimum I’d use Authenticator or higher.

How do you keep your user protected in this situation?

Hope this quick tip was useful and have a great day!

EntraFIDOFinder Update

June 23, 2025 by ClaytonT Leave a Comment

June( v0.0.18) update is here and we skipped May as I could tell they were still making some changes so I didn’t push them to the PowerShell gallery. This month they removed 50+ keys as they were unapproved models, but there are still over 150 keys that are Entra Attestation capable!

How is your FIDO2 journey going? What are you wishing this module could do?

Appreciate all feedback and have a great day!

PowerShell Gallery: https://www.powershellgallery.com/packages/EntraFIDOFinder/0.0.18
GitHub: https://github.com/DevClate/EntraFIDOFinder
Web Version: https://devclate.github.io/EntraFIDOFinder/Explorer/

EntraFIDOFinder March Update

March 3, 2025 by ClaytonT Leave a Comment

We are in March, and looks like no new major changes. I may have to start sending this update out later in the week, as I’m wondering if Microsoft hasn’t updated their page yet.

Some things I did notice were that a few of the YubiKey names slightly changed on the FIDO Alliance database, but haven’t changed on Microsoft side, so I need to wait before I change them on mine so I don’t keep getting errors if it doesn’t match up with Microsoft.

Although, these won’t show up on Microsoft’s website, 3 Yubico keys have received L2 certification now.

dd86a2da-86a0-4cbe-b462-4bd31f57bc6f – YubiKey Bio FIDO Edition
58276709-bb4b-4bb3-baf1-60eea99282a7 – YubiKey Bio Series – Multi-protocol Edition 1VDJSN
90636e1f-ef82-43bf-bdcf-5255f139d12f – YubiKey Bio Series – Multi-protocol Edition

I’ll keep an eye out and see if Microsoft updates their naming for the few and see if any other features change, but for now, that is all. No new PowerShell module version until Microsoft puts out an update or features are added, but did add the L2 certifications to the web version.

PowerShell Gallery: https://www.powershellgallery.com/packages/EntraFIDOFinder/0.0.15
GitHub: https://github.com/DevClate/EntraFIDOFinder
Web Version: https://devclate.github.io/EntraFIDOFinder/Explorer/

Have a great day!

October 14, 2024 – Tomorrow is MFA Enforcement day and we have our first FIDO2 key update

October 14, 2024 by ClaytonT Leave a Comment

Today is the last day before Phase 1 of MFA Enforcement of Microsoft portals being turned on. This includes break glass accounts as well, so make sure you have your FIDO keys, Certs, or a dedicated computer with Windows Hello for Business setup.

You can learn more of the details at Microsoft Learn – https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mandatory-multifactor-authentication

If you want to see what accounts will be affected, check out Daniel Bradley’s great blog at https://ourcloudnetwork.com/how-to-assess-the-impact-of-mfa-enforcement-in-azure/

This past Saturday we had our first update to the FIDO2 key database. The OneSpan DIGIPASS FX1 BIO now has been approved for NFC. It looks like it was updated later on Friday as the page shows last updated on the 11th, but when I had checked that morning there wasn’t an update.

Also, I’ve updated the module to show the change in database as well as when you check which version of the database you have it automatically tells you if it is outdated instead of needing to then run the -NewVersion parameter.

Added Cmdlet Get-FIDODbLog which will show you the database merge log so you don’t have to go to the web to see it and will have it right in your terminal.

PowerShell Gallery: https://www.powershellgallery.com/packages/EntraFIDOFinder/0.0.10
GitHub: https://github.com/DevClate/EntraFIDOFinder
Interactive Key Explorer: https://devclate.github.io/EntraFIDOFinder/Explorer/

Hope this helps with your security journey, and if there is anyway I can help, please feel free to reach out.