We've had fairly good success with this solution and we're at about 250 users on passwordless now (Kerberos cloud trust & FIDO2 logon to desktop). So far most of the issues described further up this thread seem to be gone for us on a fully patched hybrid-joined Win10 client. It even seems to play ball with our proxy and forced-tunnel VPN (excluding the odd cases in hotels with machines auto-joining unauthenticated captive portals which MITM connections to login.microsoftonline.com - these seem to need airplane mode initially).
However, despite the successes, users on many machines are still seeing the problem on clean boot where no FIDO2 PIN input field is displayed if 'security key' is their last-used credential provider (resume from hibernate is OK). On a clean-boot logon screen they only see 'Sign-in options' and must click on another provider like password and back again before the PIN input field is available.
Is this not a widespread issue? It's causing more support calls than expected and really frustrating some of our users.