YubiKeys for Microsoft Azure AD Passwordless Sign In Guide

Note: These documents are based on FIDO2 passwordless support in Azure AD, which is currently in public preview. The features, user interface, etc. are subject to change when the release becomes generally-available.


Microsoft has recently introduced a public preview feature in Azure Active Directory allowing organizations to enable FIDO2 Security Keys as a passwordless authentication factor. YubiKeys by Yubico, a leader in the strong authentication space, introduced FIDO2 on their YubiKey 5 Series, supporting Microsoft Passwordless sign in. By utilizing Microsoft Passwordless Login flows, organizations may realize the following benefits:


  • Strong security - improved protection against phishing, man-in-the-middle, and password spray attacks
  • Improved user experience - end users no longer have to deal with long, complex, and rotating passwords
  • Reduced costs - minimize password-related help desk tickets that account for a large percentage of IT help desk resources.

Microsoft’s Passwordless sign-in with YubiKeys applies to the following scenarios:


  1. Azure Active Directory web applications
  2. Azure Active Directory joined Windows 10 devices (Windows 10 1909 and later)
  3. Hybrid Azure Active Directory joined Windows 10 devices (Windows 10 2004 and later)

These documents serve as a guide for organizations looking to configure and deploy Microsoft’s Passwordless Sign-in for Azure AD. More information about the Microsoft + Yubico partnership can be found here: https://www.yubico.com/solutions/passwordless/.


Azure AD Passwordless Sign in Deployment Documents

Admin Deployment Guide
Admin Pre Deployment Checklist
Admin Post Deployment Checklist
User Enablement Guide


Getting Additional Help

For more information, and to get help with your YubiKeys, see: