Introduction
Microsoft allows organizations to enable FIDO2 Security Keys as a passwordless authentication factor. By utilizing Microsoft Passwordless Login flows, organizations may realize the following benefits:
- Strong security - improved protection against phishing, man-in-the-middle, and password spray attacks
- Improved user experience - end users no longer have to deal with long, complex, and rotating passwords
- Reduced costs - minimize password-related help desk tickets that account for a large percentage of IT help desk resources
Microsoft’s Passwordless sign-in with YubiKeys applies to the following scenarios:
- Entra ID Active Directory web applications
- Entra ID Active Directory joined Windows 10/11 devices (Windows 10 1909 and later)
- Hybrid Entra ID Active Directory joined Windows 10/11 devices (Windows 10 2004 and later)
The chart below indicates where the YubiKey works with Entra ID Passwordless (FIDO2). This assumes the current versions of operating systems and browsers.
| | Chrome/Edge browsers | Safari | MS 365 native apps | Device sign in |
|---|---|---|---|---|
| Windows Entra ID AD joined | Yes | | Yes | Yes |
| Windows Hybrid Entra ID AD joined | Yes | | Yes | Yes |
| Windows AD joined | Yes | | Yes | No |
| Windows non-AD joined | Yes | | Yes | No |
| MacOS | Yes | Yes | Yes | No |
| Linux | Yes | | No | No |
| Android | Yes | | No | No |
| iPhone | Yes | Yes | Yes | No |
| iPad | Yes | Yes | Yes | No |
| ChromeOS | Yes | | No | No |
For more details on Entra ID AD Passwordless support, see Microsoft's documentation: Browser support of FIDO2 passwordless authentication.
The documents attached below serve as a guide for organizations looking to configure and deploy Microsoft’s Passwordless Sign-in for Entra ID AD. More information about the Microsoft + Yubico partnership can be found here.
Getting Additional Help
For more information, and to get help with your YubiKeys, see the following guides (updated June 2023):