Microsoft allows organizations to enable FIDO2 Security Keys as a passwordless authentication factor. By utilizing Microsoft Passwordless Login flows, organizations may realize the following benefits:
- Strong security - improved protection against phishing, man-in-the-middle, and password spray attacks
- Improved user experience - end users no longer have to deal with long, complex, and rotating passwords
- Reduced costs - minimize password-related help desk tickets that account for a large percentage of IT help desk resources.
Microsoft’s Passwordless sign-in with YubiKeys applies to the following scenarios:
- Azure Active Directory web applications
- Azure Active Directory joined Windows 10 devices (Windows 10 1909 and later)
- Hybrid Azure Active Directory joined Windows 10 devices (Windows 10 2004 and later)
These documents (attachments below) serve as a guide for organizations looking to configure and deploy Microsoft’s Passwordless Sign-in for Azure AD. More information about the Microsoft + Yubico partnership can be found here.
Getting Additional Help
For more information, and to get help with your YubiKeys, see: