Microsoft Office 365 and Microsoft Entra ID User’s account setup


This guide is intended for all Microsoft Office 365 or Entra ID users that would like to improve the security of their accounts by registering a YubiKey as a Security Key.


This document describes the necessary steps to register a YubiKey (security key) to a Microsoft account. All Yubico’s products - YubiKey 5 Series, YubiKey Bio Series and Security Key Series - are compatible with this procedure.


Step 1: Go to your Microsoft account profile configuration page: https://aka.ms/mfasetup


Step 2: Connect to your account using the authentication methods currently available to you (if you are configuring your Azure account, you can request a Temporary Access Pass - TAP - to your administrator)


Step 3: Click on “Add sign-in method

Microsoft

 

Step 4: Select the option “Security Key” and then click on “Add”

Microsoft

If the Security key option is not present, please refer to this Microsoft article covering how to enable it in your tenant.

 

Step 5: At this point, the browser may present you with a QR code for you to register a Passkey. Click on the “Try another way” button or touch your YubiKey. Then select the option “External security key or built-in sensor” and confirm the Windows Security pop-ups by clicking on the “OK” button.

MicrosoftMicrosoft

MicrosoftMicrosoft

 

Note: If you are using your YubiKey (FIDO2) for the first time, the browser will ask you to create a new PIN code. Type the PIN code and confirm it and then click on “OK

MicrosoftMicrosoft

Microsoft

Step 6: Give your YubiKey a nickname and click on “”. At this point your YubiKey is registered to your account.

Microsoft

 

Note: Repeat the steps in this guide to register multiple YubiKeys to your account (up to 10). We advise you to have at least 2 (primary and backup keys).