Azure AD / Office 365 MFA

If you're having trouble setting up Azure AD (including Office 365) Multi-Factor Authentication, please be sure you are following the instructions mentioned below. Note that, as per this Microsoft article, RDP is an unsupported scenario for FIDO2 passwordless login to Windows. Additionally, it is recommended to avoid using an incognito/private browser window or tab when accessing Microsoft's portal, as doing so may cause authentication failures and other issues (this is outside of our control).


Currently there are two YubiKey-compatible methods of MFA supported in Azure (which applies to Office 365):


  • FIDO2 passwordless - any YubiKey from the 5 Series and our blue Security Keys will work with this method, but note that not all platforms (operating systems, browsers, etc.) support FIDO2 passwordless login today, so you may need to use another method of MFA when signing in on certain devices. See this Microsoft article for clarification on browser support. See here for instructions covering Azure tenant setup, key registration, and portal (browser) sign-in.

    *Note: Instructions for extending FIDO2 passwordless support to Windows 10 sign-in can be found here.
  • OATH-TOTP (authenticator app) - this method of MFA requires installation and usage of the Yubico Authenticator companion app, as well as a YubiKey (our blue Security Keys won't work with this method). Instructions on setting up this method can be found here.

Please note that Azure and Office 365 are not Yubico products, and we don't have insight into customer tenants, access to tenant logs, etc., which limits our ability to help. For assistance beyond the above information, including with specific error messages received when accessing Azure/365, you may need to reach out to Microsoft directly. See here for information on Azure support options from Microsoft.