If you're having trouble setting up Microsoft Entra ID (including Office 365) multi-factor authentication, please be sure you are following the instructions mentioned below. Note that, as per this Microsoft article, RDP is an unsupported scenario for FIDO2 passwordless login to Windows. Additionally, it is recommended to avoid using an incognito/private browser window or tab when accessing Microsoft's portal, as doing so may cause authentication failures and other issues (this is outside of Yubico's control).
Currently there are two YubiKey-compatible methods of MFA supported in Microsoft Entra ID (which applies to Office 365):
-
FIDO2 passwordless - any YubiKey from the 5 Series or our Security Key Series keys will work with this method, but note that not all platforms (operating systems, browsers, etc.) support FIDO2 passwordless login today, so you may need to use another method of MFA when signing in on certain devices. See this Microsoft article for clarification on browser support. See here for instructions covering Azure tenant setup, key registration, and portal (browser) sign-in.
Note: Instructions for extending FIDO2 passwordless support to Windows 11/10 sign-in can be found here.
- OATH-TOTP (authenticator app) - this method of MFA requires installation and usage of Yubico Authenticator, as well as a YubiKey (the Security Key Series keys do not support this method). Instructions on setting up this method can be found here.
Please note that Microsoft Entra ID and Office 365 are not Yubico products, and Yubico doesn't have insight into customer tenants, access to tenant logs, etc., which limits our ability to assist. For assistance beyond the above information, including with specific error messages received when accessing Entra/Office 365, you may need to reach out to Microsoft directly. See here for information on Entra support options from Microsoft.