Pre-boot authentication, Windows 365
and device trust signals |
MagicEndpoint Demo

MagicEndpoint uses Bluetooth and biometrics on a user’s phone
to securely log into a computer, even offline. 

Transcript

Here the computer starts and, at pre-boot, detects the user’s phone using Bluetooth. Once the phone is detected, the user will be prompted to authorize the login and complete the process using biometrics on their phone. Only a phone containing the correct key can access this device. This login can occur while the device is online and offline. From now on, this phone can be used by the user to log into boot logon and Windows on this computer. Using single sign-on, the user account is logged in, as is MagicEndpoint, and is available and ready for use. The user can start accessing online applications using no user action. Here, the user opens Microsoft 365 and connects. Rather than the phone, this uses MagicEndpoint and SAML-based authentication with no user action required.

Now, to demonstrate how the device trust signals work, we have created a policy that requires devices to be fully encrypted. If a device is not fully encrypted, the user will not be able to log into online applications on this device. To test, let’s log out of Microsoft 365 and start the decryption on this device. Now, because the endpoint is being decrypted, the policy takes effect immediately. When the user tries logging into Microsoft 365 again, they will be denied access. And, because the endpoint has a persistent connection with the MagicEndpoint Center, this event-driven action was detected.

Suggested Videos

MagicEndpoint Passwordless Authentication

MagicEndpoint Demo: Multi-user with Ping Federate

SANS Zero Trust Solutions Forum 2023 Presentation

keyboard_arrow_up