This guide is intended for all Microsoft Office 365 or Entra ID users that would like to improve the security of their accounts by registering a YubiKey as a Security Key. Microsoft provides documentation on this procedure, which can be found here.
This document describes the necessary steps to register a YubiKey (security key) to a Microsoft account. All currently manufactured Yubico’s products - YubiKey 5 Series, YubiKey Bio Series and Security Key Series - are compatible with this procedure.
Step 1: Go to your Microsoft account profile configuration page
Step 2: Connect to your account using the authentication methods currently available to you (if you are configuring your Entra account, you can request a Temporary Access Pass - TAP - from your administrator)
Step 3: Click Add sign-in method
Step 4: Select the option Security key, and then click Add
If the Security key option is not present, please refer to this Microsoft article covering how to enable it in your tenant.
Step 5: At this point, the browser may present you with a QR code for you to register a passkey. Click Try another way (you may alternatively see Back or Use a different passkey button or touch your YubiKey. Then select the option External security key or built-in sensor and confirm the Windows Security pop-ups by clicking on the OK button.
Tip: If you are using your YubiKey (FIDO2) for the first time, the browser will ask you to create a new PIN code. Type the PIN code, confirm it, and then click OK.
Step 6: Give your YubiKey a nickname and click on Next. At this point your YubiKey is registered to your account.