Security

New EntraFIDOFinder Module Version Release!

May 25, 2026 by ClaytonT Leave a Comment

Good news and bad news.. which would you like first? Bad news? There are no new external PowerShell functions in this release, but I did create some functions to compare differences as well as one to show changes by the month. Is there a functionality you are looking for? Add an issue or discussion and lets make it happen!

Now for the changes, we have 11 new keys, 7 updated keys, and 52 keys removed.

✅ New Authenticators (11)

The following authenticators are now supported:

Clife Key 2

AAGUID: fc5ca237-69a0-4f3c-afe4-1ebc66def6df

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	✅
NFC	❌
BLE	❌

Clife Key 2 NFC

AAGUID: 23315ad0-6aca-4ba1-952e-f044f1e36976

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	✅
NFC	✅
BLE	❌

eToken FIDO NFC

AAGUID: b113a455-cfb6-4c17-8cba-cd952feb7d48

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	❌
NFC	✅
BLE	❌

G+D StarKey FIDO2-NFC

AAGUID: 7a53c643-9dec-4219-b3a4-f9d24aca4e12

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	✅
NFC	✅
BLE	❌

HID Crescendo Key V3

AAGUID: 87c13177-85d6-40ac-8c61-fe7ab3de9dfb

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	✅
NFC	✅
BLE	❌

HID Crescendo 4000

AAGUID: 0b8b05a4-ebd4-4b0b-8f5f-33d7b6e606ab

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	❌
NFC	✅
BLE	❌

SECORA ID V2 by Infineon Pay Edition

AAGUID: 3e9db280-256a-4e17-b08e-19d79e9be166

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	❌
NFC	✅
BLE	❌

SECORA ID V2 by Infineon Pay Edition M

AAGUID: 005b20e1-f146-4b87-8f3a-36848ff60ea6

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	❌
NFC	✅
BLE	❌

SECORA ID Key S USB by Infineon Consumer Edition

AAGUID: 9a272558-5cfa-4424-be37-65509677b77d

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	❌
NFC	✅
BLE	❌

Taglio CTAP2.1 BIO

AAGUID: 0f00cc22-4640-41e7-9585-384ec73ffe9b

Supported Interfaces:

Interface	Supported
Biometric	✅
USB	✅
NFC	✅
BLE	❌

Thales PAY GFCX13 authenticator

AAGUID: 04a8fcf2-19c1-457b-911e-69219f17583f

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	❌
NFC	✅
BLE	❌

⚠️ Updated Authenticators (7)

The following authenticators have been updated with new capability information:

Arculus FIDO 2.1 Key Card [P71]

AAGUID: 3f59672f-20aa-4afe-b6f4-7e5e916b6d98

Changes:

USB: ✅ → ❌
NFC: ❌ → ✅

Arculus FIDO2/U2F Key Card

AAGUID: 9d3df6ba-282f-11ed-a261-0242ac120002

Changes:

USB: ✅ → ❌
NFC: ❌ → ✅

GoTrust Idem Key FIDO2 Authenticator

AAGUID: 3b1adb99-0dfe-46fd-90b8-7f7614a4de2a

Changes:

USB: ❌ → ✅
NFC: ❌ → ✅

GoTrust Idem Key (Consumer profile)

AAGUID: c611b55c-77b2-4527-8082-590e931b2f08

Changes:

Description: ‘Idem Key (Consumer profile)’ → ‘GoTrust Idem Key (Consumer profile)’

IDEX CTAP2.1 Biometrics

AAGUID: 49a15c1c-3f63-3f51-23a7-b9e00096edd1

Changes:

Description: ‘IDEX CTAP2.1 Biometric, No pin’ → ‘IDEX CTAP2.1 Biometrics’
USB: ❌ → ✅

IDmelon Key

AAGUID: 39a5647e-1853-446c-a1f6-a79bae9f5bc7

Changes:

Description: ‘IDmelon Android Authenticator’ → ‘IDmelon Key’

IDmelon Authenticator

AAGUID: 820d89ed-d65a-409e-85cb-f73f0578f82a

Changes:

Description: ‘IDmelon iOS Authenticator’ → ‘IDmelon Authenticator’

❌ Removed Authenticators (52)

The following authenticators have been removed:

Android Authenticator

AAGUID: b93fd961-f2e6-462f-b122-82002247de78

Dapple Authenticator from Dapple Security Inc.

AAGUID: 6dae43be-af9c-417b-8b9f-1b611168ec60

Deepnet SafeKey/Classic (FP)

AAGUID: e41b42a3-60ac-4afb-8757-a98f2d7f6c9f

Deepnet SafeKey/Classic (USB)

AAGUID: b9f6b7b6-f929-4189-bca9-dd951240c132

ellipticSecure MIRkey USB Authenticator

AAGUID: eb3b131e-59dc-536a-d176-cb7306da10f5

Ensurity AUTH TouchPro

AAGUID: 50cbf15a-238c-4457-8f16-812c43bf3c49

Ensurity AUTH BioPro Desktop

AAGUID: 9eb85bb6-9625-4a72-815d-0487830ccab2

ESS Smart Card Inc. Authenticator

AAGUID: 5343502d-5343-5343-6172-644649444f32

eToken Fusion NFC PIV Enterprise

AAGUID: c3f47802-de73-4dfc-ba22-671fe3304f90

eWBM eFA500 FIDO2 Authenticator

AAGUID: 361a3082-0278-4583-a16f-72a527f973e4

Excelsecu eSecu FIDO2 PRO+ Security Key

AAGUID: f573f209-b7fb-b261-671a-d7cf624cc812

Feitian ePass FIDO2-NFC Plus Authenticator

AAGUID: 260e3021-482d-442d-838c-7edfbe153b7e

Feitian FIDO Smart Card

AAGUID: 2c0df832-92de-4be1-8412-88a8f074df4a

GoldKey Security Token

AAGUID: 0db01cd6-5618-455b-bb46-1ec203d3213e

Hideez Key 3 FIDO2

AAGUID: 3e078ffd-4c54-4586-8baa-a77da113aec5

Ideem ZSM FIDO2 Authenticator

AAGUID: 5e264d9d-28ef-4d34-95b4-5941e7a4faa8

IDEMIA SOLVO Fly 80 R1 FIDO Card Draft

AAGUID: 3fd410dc-8ab7-4b86-a1cb-c7174620b2dc

KeyVault Secp256R1 FIDO2 CTAP2 Authenticator

AAGUID: d61d3b87-3e7c-4aea-9c50-441c371903ad

Ledger Flex FIDO2 Authenticator

AAGUID: 1d8cac46-47a1-3386-af50-e88ae46fe802

Ledger Nano S Plus FIDO2 Authenticator

AAGUID: 58b44d0b-0a7c-f33a-fd48-f7153c871352

Ledger Nano X FIDO2 Authenticator

AAGUID: fcb1bcb4-f370-078c-6993-bc24d0ae3fbe

Ledger Stax FIDO2 Authenticator

AAGUID: 6e24d385-004a-16a0-7bfe-efd963845b34

Ledger Nano S FIDO2 Authenticator

AAGUID: 341e4da9-3c2e-8103-5a9f-aad887135200

OCTATCO EzQuant FIDO2 AUTHENTICATOR

AAGUID: bc2fe499-0d8e-4ffe-96f3-94a82840cf8c

OneKey FIDO2 Bluetooth Authenticator

AAGUID: 70e7c36f-f2f6-9e0d-07a6-bcc243262e6b

OneKey FIDO2 Authenticator

AAGUID: 69e7c36f-f2f6-9e0d-07a6-bcc243262e6b

Pone Biometrics OFFPAD Authenticator

AAGUID: 09591fc6-9811-48f7-8f57-b9f23df6413f

Samsung Pass

AAGUID: 53414d53-554e-4700-0000-000000000000

ToothPic Passkey Provider

AAGUID: cc45f64e-52a2-451b-831a-4edd8022a202

TruU Windows Authenticator

AAGUID: ba86dc56-635f-4141-aef6-00227b1b9af6

TruU Windows Authenticator

AAGUID: 95e4d58c-056e-4a65-866d-f5a69659e880

TruU FIDO2 Authenticator

AAGUID: bb878d7b-cf54-4784-b390-357030497043

FIDO Alliance TruU Sample FIDO2 Authenticator

AAGUID: ca87cb70-4c1b-4579-a8e8-4efdd7c007e0

USB/NFC Passcode Authenticator

AAGUID: cfcb13a2-244f-4b36-9077-82b79d6a7de7

TEST (DUMMY RECORD)

AAGUID: ab32f0c6-2239-afbb-c470-d2ef4e254db6

Veridium iOS SDK

AAGUID: 6e8d1eae-8d40-4c25-bcf8-4633959afc71

Veridium Android SDK

AAGUID: 5ea308b2-7ac7-48b9-ac09-7e2da9015f8c

VivoKey Apex FIDO2

AAGUID: d7a423ad-3e19-4492-9200-78137dccc136

WinMagic FIDO Eazy – TPM

AAGUID: 970c8d9c-19d2-46af-aa32-3f448db49e35

WinMagic FIDO Eazy – Software

AAGUID: 31c3f7ff-bf15-4327-83ec-9336abcbcd34

WinMagic FIDO Eazy – Phone

AAGUID: f56f58b3-d711-4afc-ba7d-6ac05f88cb19

WiSECURE Blentity FIDO2 Authenticator

AAGUID: 5753362b-4e6b-6345-7b2f-255438404c75

YubiKey 5 FIPS Series with Lightning Preview

AAGUID: 5b0e46ba-db02-44ac-b979-ca9b84f5e335

YubiKey 5 FIPS Series with Lightning (RC Preview)

AAGUID: 9e66c661-e428-452a-a8fb-51f7ed088acf

YubiKey 5 FIPS Series with NFC (RC Preview)

AAGUID: ce6bf97f-9f69-4ba7-9032-97adc6ca5cf1

YubiKey 5 FIPS Series (RC Preview)

AAGUID: d2fbd093-ee62-488d-9dad-1e36389f8826

Security Key NFC by Yubico Preview

AAGUID: 760eda36-00aa-4d29-855b-4012a182cdeb

YubiKey 5 Series with Lightning Preview

AAGUID: 3124e301-f14e-4e38-876d-fbeeb090e7bf

YubiKey 5 Series with NFC Preview

AAGUID: 34f5766d-1536-4a24-9033-0e294e510fb0

Security Key NFC by Yubico – Enterprise Edition Preview

AAGUID: 2772ce93-eb4b-4090-8b73-330f48477d73

YubiKey 5 FIPS Series with NFC Preview

AAGUID: 62e54e98-c209-4df3-b692-de71bb6a8528

ZTPass SmartAuth

AAGUID: 99bf4610-ec26-4252-b31f-7380ccd59db5

That’s it! How are you using EntraFIDOFinder? Would love to hear about it and any feedback.

Download at:
PowerShell Gallery: https://www.powershellgallery.com/packages/EntraFIDOFinder/0.0.23
GitHub: https://github.com/DevClate/EntraFIDOFinder

Use the web version at: https://devclate.github.io/EntraFIDOFinder/Explorer/

Have a great day!

Did you know there is a Giphy rating in Teams? Custom Maester Tests save the day

May 1, 2026 by ClaytonT Leave a Comment

Now let me ask you, how secure is your Microsoft Teams? When was the last time you looked at how it was configured? While working on another side project I had the great idea of converting some of the work to Maester tests to help others have a quick look at how their Teams is configured. These tests aren’t the end all be all, but there are 45 tests to make your Microsoft Teams more secure. If you only copy them into your custom tests folder, please make sure to review why they passed or failed, as some are for awareness until I create exact tests for them.

I will be creating more, but thought this would be a great start for many so you can see what is possible and customize them to your organization. Hopefully, you will share yours as well to help others make their Teams more secure.

How to use them? All you have to do is copy the 3 files for each test into your Custom Tests folder, then use a “Find and Replace” for “Contoso” and put in your company name. If you don’t want to change any of the expected values, you are good to go to start running the tests. If you just want to see these new tests you can run Invoke-Maester -Tag “TEAMS.TC.*” and it will only show you these new tests.

Here are some of the tests and there is a link to the repo down below

Anonymous Join Meeting – Anonymous users should not be allowed to join meetings

Anonymous Start Meeting – Anonymous users should not be allowed to start meetings

Anonymous Dial Out – Anonymous users should not be allowed to dial out to prevent toll fraud

App Sideloading – App sideloading should be disabled to enforce security review

Auto Admitted Users – Auto-admitted users should be restricted to prevent unauthorized access

Broadcast transcription settings should be reviewed

Call forwarding to phone should be reviewed

Channel meeting scheduling should be controlled

Broadcast recording settings should be reviewed

Chat settings should protect sensitive data

Broadcast attendee visibility should protect privacy

Chat permission roles should be reviewed

Email into Channel – Email into channel should be disabled to prevent bypassing email security controls

External collaboration should be configured with security controls

External non-trusted meeting chat should be disabled

External participants should not be allowed to give or request control

Federation should be restricted to specific allowed domains

Giphy content rating should be set to Strict if enabled

Guest IP video settings should be reviewed

Guest meeting chat settings should be reviewed

Guests should not be able to start ad-hoc meetings

Guest screen sharing should be limited to prevent data leakage

Guests should not control transcription

URL previews should be disabled to prevent information leakage

Let me know what you think, feel free to create an issue if their is a test you would like to see and/or if you find any issues in the tests.

And for those wondering, the giphy ratings are strict, moderate, or turned off.

Tests Repo: https://github.com/DevClate/Custom-Maester-Tests/tree/main/tests/Teams/Configuration
Web Page: https://devclate.github.io/Custom-Maester-Tests/docs/intro/

Keep sharing, stay secure, and have a great day!

EntraFIDOFinder: New Web UI and Over 70 New Authenticators

January 26, 2026 by ClaytonT Leave a Comment

You read that right, over 70 new authenticators are now approved for Entra Attestation and have been add to the web ui and the PowerShell module! I knew they had to be holding back after these last few updates. Also I’ve updated the web UI and curious of your thoughts. I wanted to make it more modern and easier to view, especially the details window.

Here are a few of the new authenticators, but check the change log for the full list.

Android Authenticator

AAGUID: b93fd961-f2e6-462f-b122-82002247de78

Supported Interfaces:

Interface	Supported
Biometric	✅
USB	❌
NFC	❌
BLE	❌

ATLKey Authenticator

AAGUID: 019614a3-2703-7e35-a453-285fd06c5d24

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	✅
NFC	❌
BLE	❌

Dapple Authenticator from Dapple Security Inc.

AAGUID: 6dae43be-af9c-417b-8b9f-1b611168ec60

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	❌
NFC	❌
BLE	❌

Deepnet SafeKey/Classic (FP)

AAGUID: e41b42a3-60ac-4afb-8757-a98f2d7f6c9f

Supported Interfaces:

Interface	Supported
Biometric	✅
USB	❌
NFC	❌
BLE	❌

Deepnet SafeKey/Classic (USB)

AAGUID: b9f6b7b6-f929-4189-bca9-dd951240c132

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	❌
NFC	❌
BLE	❌

ellipticSecure MIRkey USB Authenticator

AAGUID: eb3b131e-59dc-536a-d176-cb7306da10f5

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	✅
NFC	❌
BLE	❌

Ensurity AUTH BioPro Desktop

AAGUID: 9eb85bb6-9625-4a72-815d-0487830ccab2

Supported Interfaces:

Interface	Supported
Biometric	✅
USB	✅
NFC	❌
BLE	❌

Ensurity AUTH TouchPro

AAGUID: 50cbf15a-238c-4457-8f16-812c43bf3c49

Supported Interfaces:

Interface	Supported
Biometric	❌
USB	✅
NFC	❌
BLE	❌

I’ve been working on better ways to see what keys have been added, removed, or modified, as well as approving valid vendors. It’s not perfected yet, but when I get closer, I’ll do a demo of it.

Let me know what you think of the new design and what functionality you wish it had. Also are there any keys you wish were attestation approved for Entra?

Where to get:
PowerShell Gallery: https://www.powershellgallery.com/packages/EntraFIDOFinder/0.0.22
Github: https://github.com/DevClate/EntraFIDOFinder/tree/main
Web UI: https://devclate.github.io/EntraFIDOFinder/Explorer/

Appreciate you taking the time and stay safe out there!

January 19, 2026 Updates to EntraFIDOFinder

January 19, 2026 by ClaytonT Leave a Comment

It’s been a bit since an update on the PowerShell module EntraFIDOFinder as there haven’t been any new keys and only a few keys have have changed functionality. It is now updated on Github and PowerShell gallery. Are there any features you would like to see on the PowerShell module or the web version? Would love to hear your input!

Updated Keys for V0.0.21

Updated ‘USB’ for AAGUID ‘820d89ed-d65a-409e-85cb-f73f0578f82a’ from ‘✅’ to ‘❌’.
Updated ‘BLE’ for AAGUID ‘820d89ed-d65a-409e-85cb-f73f0578f82a’ from ‘✅’ to ‘❌’.
Updated ‘USB’ for AAGUID ’39a5647e-1853-446c-a1f6-a79bae9f5bc7′ from ‘✅’ to ‘❌’.
Updated ‘BLE’ for AAGUID ’39a5647e-1853-446c-a1f6-a79bae9f5bc7′ from ‘✅’ to ‘❌’.
Updated ‘USB’ for AAGUID ‘9d3df6ba-282f-11ed-a261-0242ac120002’ from ‘✅’ to ‘❌’.
Updated ‘NFC’ for AAGUID ‘9d3df6ba-282f-11ed-a261-0242ac120002’ from ‘❌’ to ‘✅’.
Updated ‘USB’ for AAGUID ‘3f59672f-20aa-4afe-b6f4-7e5e916b6d98’ from ‘✅’ to ‘❌’.
Updated ‘NFC’ for AAGUID ‘3f59672f-20aa-4afe-b6f4-7e5e916b6d98’ from ‘❌’ to ‘✅’.
Updated ‘USB’ for AAGUID ‘d821a7d4-e97c-4cb6-bd82-4237731fd4be’ from ‘❌’ to ‘✅’.
Updated ‘USB’ for AAGUID ‘9f77e279-a6e2-4d58-b700-31e5943c6a98’ from ‘❌’ to ‘✅’.

PowerShell Gallery: https://www.powershellgallery.com/packages/EntraFIDOFinder/0.0.21
GitHub: https://github.com/DevClate/EntraFIDOFinder

v0.0.20 EntraFIDOFinder is out

October 20, 2025 by ClaytonT Leave a Comment

4 New keys have been added and a few changes in capabilities!

New Keys:

Hyper FIDO Pro NFC – 23195a52-62d9-40fa-8ee5-23b173f4fb52
Hyper FIDO Pro (CTAP2.1, CTAP2.0, U2F) – 6999180d-630c-442d-b8f7-424b90a43fae
DEMIA SOLVO Fly 80 R3 FIDO Card c – dda9aa35-aaf1-4d3c-b6db-7902fd7dbbbf
IDEMIA SOLVO Fly 80 R3 FIDO Card e – def8ab1a-9f91-44f1-a103-088d8dc7d681

Updated Keys:

Updated ‘NFC’ for AAGUID ‘3f59672f-20aa-4afe-b6f4-7e5e916b6d98’ from ‘✅’ to ‘❌’.
Updated ‘USB’ for AAGUID ‘b12eac35-586c-4809-a4b1-d81af6c305cf’ from ‘✅’ to ‘❌’.
Updated ‘NFC’ for AAGUID ‘b12eac35-586c-4809-a4b1-d81af6c305cf’ from ‘✅’ to ‘❌’.
Updated ‘NFC’ for AAGUID ‘9d3df6ba-282f-11ed-a261-0242ac120002’ from ‘✅’ to ‘❌’.
Updated ‘USB’ for AAGUID ’39a5647e-1853-446c-a1f6-a79bae9f5bc7′ from ‘❌’ to ‘✅’.
Updated ‘BLE’ for AAGUID ’39a5647e-1853-446c-a1f6-a79bae9f5bc7′ from ‘❌’ to ‘✅’.
Updated ‘USB’ for AAGUID ‘820d89ed-d65a-409e-85cb-f73f0578f82a’ from ‘❌’ to ‘✅’.
Updated ‘BLE’ for AAGUID ‘820d89ed-d65a-409e-85cb-f73f0578f82a’ from ‘❌’ to ‘✅’.

How have your FIDO2 implementations been going? Would love to hear your stories!

PowerShell Gallery: https://www.powershellgallery.com/packages/EntraFIDOFinder/0.0.20
GitHub: https://github.com/DevClate/EntraFIDOFinder

EntraFIDOFinder Update

September 26, 2025 by ClaytonT Leave a Comment

There haven’t been much changes the past couple months, but finally a biggish update happened where Microsoft has added 10 more keys that are Attestation capable.

Added Attestation capable keys:

Chipwon Clife Key | 930b0c03-ef46-4ac4-935c-538dccd1fcdb
HID Crescendo 4000 FIDO | aa79f476-ea00-417e-9628-1e8365123922
ID-One Key | 82b0a720-127a-4788-b56d-d1d4b2d82eac
ID-One Key | f2145e86-211e-4931-b874-e22bba7d01cc
VeridiumID Passkey Android SDK | 8d4378b0-725d-4432-b3c2-01fcdaf46286
VeridiumID Passkey iOS SDK | 1e906e14-77af-46bc-ae9f-fe6ef18257e4
VinCSS FIDO2 Fingerprint | 9012593f-43e4-4461-a97a-d92777b55d74
YubiKey 5 Series with NFC – Enhanced PIN | 662ef48a-95e2-4aaa-a6c1-5b9c40375824
YubiKey 5 Series with NFC – Enhanced PIN (Enterprise Profile) | b2c1a50b-dad8-4dc7-ba4d-0ce9597904bc
YubiKey 5 Series with NFC KVZR57 | 9eb7eabc-9db5-49a1-b6c3-555a802093f4

Are you requiring attestation? How has your implementation of FIDO2 keys been?

Don’t forget about the web version at: https://devclate.github.io/EntraFIDOFinder/Explorer/

Need the module?
– PowerShell: Install-PSResource EntraFIDOFinder
– PowerShell Gallery: https://www.powershellgallery.com/packages/EntraFIDOFinder/0.0.19
– GitHub: https://github.com/DevClate/EntraFIDOFinder