HID is betting big on enterprise passkeys: the company has launched a refreshed line of FIDO‑certified Crescendo authenticators alongside a new Enterprise Passkey Management (EPM) service aimed at making large‑scale, phishing‑resistant sign‑ins easier to deploy and run. The August 5 announcement leans on fresh FIDO Alliance data showing 87% of enterprises are now deploying passkeys—even as complexity and cost still deter holdouts—positioning EPM as the control plane that brings hardware diversity, lifecycle oversight, and admin‑friendly automation to Windows and Microsoft Entra ID environments. (newsroom.hidglobal.com, fidoalliance.org)

Overview

HID’s expanded portfolio hits two pressure points at once: modern, FIDO2‑based hardware for device‑bound passkeys and centralized tooling so IT can provision, revoke, and audit at scale. The company says EPM is subscription‑based and designed for centralized visibility and control—key asks from identity teams contending with mixed fleets, hybrid work, and compliance reporting. (newsroom.hidglobal.com)
For Windows admins, the pitch is straightforward: pair FIDO2 security keys or cards with Entra ID’s passkey support to deliver passwordless sign‑in across Windows 10/11 and the Microsoft 365 stack, while preserving phishing resistance and measurable help‑desk reductions. Microsoft documents outline prerequisites and attestation guidance, helping organizations translate pilot success into production rollouts. (learn.microsoft.com)

What HID is shipping

Enterprise Passkey Management (EPM)

HID’s new EPM layer focuses on at‑scale operations rather than just issuance. Headline capabilities include:
  • Remote provisioning: Issue FIDO credentials on behalf of users to cut training overhead and accelerate onboarding.
  • Full lifecycle management: Centralize visibility of issuance, revocation, and audit trails to support security baselines and compliance evidence. (newsroom.hidglobal.com)
In other words, EPM targets the operational bottlenecks that have slowed enterprise passkey adoption—from first‑time enrollment to credential replacement and audit readiness. That emphasis aligns with FIDO Alliance findings that cite complexity and costs as the top barriers among organizations still on the sidelines. (fidoalliance.org)

Crescendo Keys

The redesigned Crescendo Keys emphasize ergonomics and accessibility while supporting a tri‑stack of FIDO2, PKI, and OATH—useful for mixed modern and legacy workflows. HID highlights remote PIN reset and device unlock options to keep users productive without risky workarounds. (newsroom.hidglobal.com, hidglobal.com)

Crescendo Cards

Crescendo Cards serve as a single corporate badge for both doors and data: physical access (Seos or MIFARE DESFire EV3) plus passwordless digital access via FIDO, with variants in dual‑interface or contactless formats. HID explicitly calls out cards featuring FIDO 2.1 support, unifying physical and logical access under one credential. (newsroom.hidglobal.com)

OMNIKEY 5022 Contactless Reader

For desktops and shared kiosks, the OMNIKEY 5022 provides a compact, CCID‑class USB reader that supports FIDO2/NFC credentials and plugs into standard Windows workstations without additional drivers—handy for thin and zero‑client setups in frontline environments. (hidglobal.com, bhphotovideo.com)

Why this matters to Windows and Entra ID

Microsoft has steadily matured passkey (FIDO2) support inside Entra ID, enabling passwordless sign‑ins across Windows 10/11, web apps, and Microsoft 365 once the method is enabled for users or groups. Admins can enforce attestation for specific key models and benefit from Microsoft’s monthly ingestion of the FIDO Alliance Metadata Service (MDS), which determines whether a given vendor/model is recognized. HID’s approach—tying diverse hardware to a management layer—meets enterprises where they are: with both cloud and hybrid domain‑joined devices and a mix of user risk profiles. (learn.microsoft.com)
HID also deepened its Microsoft partnership by supporting Entra ID’s External Authentication Methods—letting companies leverage existing physical access cards as an MFA factor on the road to passwordless. That optionality matters in phased rollouts where different cohorts adopt FIDO hardware, synced passkeys, or certificate‑based logon at different speeds. (newsroom.hidglobal.com)

Strengths worth calling out

  • End‑to‑end operations: EPM’s remote provisioning and lifecycle tooling are tuned for real‑world scale, not just lab pilots. (newsroom.hidglobal.com)
  • Form‑factor flexibility: Keys, cards, and a cost‑effective desktop reader cover roaming users, frontline kiosks, and regulated facilities. (newsroom.hidglobal.com, hidglobal.com)
  • Windows‑ready: Entra ID and Windows 10/11 provide a first‑class passkey experience, including attestation controls and group‑based enablement. (learn.microsoft.com)
  • Physical + logical convergence: Seos and DESFire EV3 card options with FIDO reduce badge sprawl and simplify user experience. (newsroom.hidglobal.com)

Caveats and open questions

  • Subscription economics: EPM is subscription‑based; buyers should model total cost (hardware + management + reader infrastructure) versus alternatives, including synced passkeys where appropriate. (newsroom.hidglobal.com)
  • Attestation and compatibility: If your tenant enforces attestation, confirm HID models appear in Microsoft’s recognized list after MDS ingestion; expect up to a four‑week delay from MDS updates to Entra ID recognition. (learn.microsoft.com)
  • Recovery planning: Device‑bound passkeys are intentionally non‑recoverable. Budget for spare keys/cards per user and document break‑glass access for admins. Microsoft’s guidance and HID tools address PIN resets and re‑registration flows, but process rigor is essential. (docs.hidglobal.com, learn.microsoft.com)
  • Reader dependencies: Card‑based FIDO on desktops depends on NFC/USB readers. Validate OMNIKEY 5022 placement, driver baselines (CCID), and performance on thin clients before a wide rollout. (hidglobal.com)

A Windows admin’s 7‑day pilot plan

  • Enable passkeys in Entra ID: In the Entra admin center, turn on the Passkey (FIDO2) method for a pilot group; note Windows 10 1903+ for AAD‑joined and 2004+ for hybrid‑joined devices. (learn.microsoft.com)
  • Decide your form factors: Start with Crescendo Keys for IT admins and high‑risk users; use Crescendo Cards plus OMNIKEY 5022 for shared PCs or badged facilities. (newsroom.hidglobal.com, hidglobal.com)
  • Stand up EPM: Configure remote issuance, assign admin roles, and define revocation and audit policies aligned to your identity governance controls. (newsroom.hidglobal.com)
  • Attestation posture: If enforcing attestation, validate HID AAGUIDs in a test tenant and confirm they appear in Entra’s recognized catalog after MDS sync. (learn.microsoft.com)
  • Provision two credentials per user: Issue a primary and backup to avoid lockouts; document PIN resets and re‑registration steps. (docs.hidglobal.com)
  • Integrate with Microsoft 365: Test sign‑in flows for Outlook, Teams, and admin portals; confirm Conditional Access policies behave as expected for passkey sessions. (docs.hidglobal.com)
  • Help‑desk readiness: Script SOPs for lost/stolen devices, re‑issuance, and audit exports; capture pilot metrics on help‑desk tickets and MFA prompts to quantify ROI. (fidoalliance.org)

How this fits the broader passkey moment

Industry momentum is unmistakable: enterprises report strong gains in user experience, security, and reduced help‑desk load from passkey deployments, even as they manage a mix of device‑bound and synced models. HID’s contribution is to smooth the hard parts—enrollment, fleet ops, and convergence with physical access—so identity teams can ship phishing‑resistant authentication without derailing day‑to‑day operations. (fidoalliance.org)

Bottom line

For Windows shops standardizing on Microsoft Entra ID, HID’s new FIDO hardware plus EPM offers a credible path to passwordless sign‑in at scale, with the operational guardrails enterprises need. Validate attestation, nail your recovery model, and pilot with the cohorts that feel the most pain today; if the results match the research, expect fewer tickets, stronger security, and a smoother login experience—without sacrificing administrator control. (newsroom.hidglobal.com, learn.microsoft.com)

Source: Security Journal UK, "HID unveils FIDO hardware simplifying passkey deployment"
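
The attestation checks from the caveats and the pilot plan above, as an added example that is not part of the original post and not HID or Microsoft tooling: it cross-checks pilot AAGUIDs against a decoded FIDO MDS payload and an Entra FIDO2 policy document. The AAGUIDs, dates and finding labels are constructed; the field names are assumed to follow the MDS3 BLOB payload and the Microsoft Graph FIDO2 authentication method configuration.

```python
from datetime import date, timedelta

# AuthenticatorStatus values from the FIDO MDS spec that signal compromise or revocation.
COMPROMISED = {"REVOKED", "USER_VERIFICATION_BYPASS", "ATTESTATION_KEY_COMPROMISE",
               "USER_KEY_REMOTE_COMPROMISE", "USER_KEY_PHYSICAL_COMPROMISE"}
INGEST_WINDOW = timedelta(weeks=4)  # the article's "up to four weeks" figure

def check_model(aaguid, mds_payload, policy, today):
    """Return finding codes (labels made up for this example); [] means ready."""
    aaguid, findings = aaguid.lower(), []
    if policy.get("isAttestationEnforced"):
        entry = next((e for e in mds_payload["entries"]
                      if e.get("aaguid", "").lower() == aaguid), None)
        if entry is None:
            findings.append("NOT_IN_MDS")
        else:
            if COMPROMISED & {r["status"] for r in entry["statusReports"]}:
                findings.append("MDS_STATUS_COMPROMISED")
            changed = date.fromisoformat(entry["timeOfLastStatusChange"])
            if today < changed + INGEST_WINDOW:
                findings.append("ENTRA_INGEST_MAY_BE_PENDING")
    restrictions = policy.get("keyRestrictions") or {}
    if restrictions.get("isEnforced"):
        listed = aaguid in {a.lower() for a in restrictions.get("aaGuids", [])}
        mode = restrictions.get("enforcementType")
        if mode == "allow" and not listed:
            findings.append("NOT_ON_ALLOW_LIST")
        elif mode == "block" and listed:
            findings.append("ON_BLOCK_LIST")
    return findings

# Constructed sample data: placeholder AAGUIDs, not real HID values.
KEY, CARD, UNLISTED = (f"aaaaaaaa-0000-4000-8000-00000000000{n}" for n in "123")
MDS_PAYLOAD = {"entries": [
    {"aaguid": KEY, "timeOfLastStatusChange": "2025-05-01",
     "statusReports": [{"status": "FIDO_CERTIFIED_L1"}]},
    {"aaguid": CARD, "timeOfLastStatusChange": "2025-08-01",
     "statusReports": [{"status": "FIDO_CERTIFIED"}]},
]}
POLICY = {"isAttestationEnforced": True,
          "keyRestrictions": {"isEnforced": True, "enforcementType": "allow",
                              "aaGuids": [KEY.upper(), UNLISTED]}}

def pilot_report(today=date(2025, 8, 12)):
    """Findings per pilot model for the constructed data above."""
    return {m: check_model(m, MDS_PAYLOAD, POLICY, today) for m in (KEY, CARD, UNLISTED)}

if __name__ == "__main__":
    for model, findings in pilot_report().items():
        print(model, findings or "ready")
```

The ingest-window finding is only a planning hint derived from the four-week figure; the recognized list shown in the Entra admin center is what confirms a model.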
 
