This guide is intended for all Microsoft Office 365 or Entra ID users that would like to improve the security of their accounts by registering a YubiKey as a Security Key. Microsoft provides documentation on this procedure, which can be found here.
This document describes the necessary steps to register a YubiKey (security key) to a Microsoft account. All Yubico’s products - YubiKey 5 Series, YubiKey Bio Series and Security Key Series - are compatible with this procedure.
Step 1: Go to your Microsoft account profile configuration page: https://aka.ms/mfasetup
Step 2: Connect to your account using the authentication methods currently available to you (if you are configuring your Azure account, you can request a Temporary Access Pass - TAP - to your administrator)
Step 3: Click on “Add sign-in method”
Step 4: Select the option “Security Key” and then click on “Add”
If the Security key option is not present, please refer to this Microsoft article covering how to enable it in your tenant.
Step 5: At this point, the browser may present you with a QR code for you to register a Passkey. Click on the “Try another way” (you may alternatively see "Back" or "Use a different passkey") button or touch your YubiKey. Then select the option “External security key or built-in sensor” and confirm the Windows Security pop-ups by clicking on the “OK” button.
Note: If you are using your YubiKey (FIDO2) for the first time, the browser will ask you to create a new PIN code. Type the PIN code and confirm it and then click on “OK”
Step 6: Give your YubiKey a nickname and click on “”. At this point your YubiKey is registered to your account.
Note: Repeat the steps in this guide to register multiple YubiKeys to your account (up to 10). We advise you to have at least 2 (primary and backup keys).