klenTAHN
Feb 24, 2025 · Copper Contributor
Intune Endpoint Privilege Management - FIDO2
We have begun testing out Intune EPM as a replacement for local admin accounts in our org. We have users that authenticate with PIV certs via Smartcard as well as FIDO2 with Yubikeys. PIV authentic...
micheleariis
Feb 25, 2025 · MCT
klenTAHN Yeah, the issue is that FIDO2 alone doesn’t work with EPM the same way PIV smart cards do. To get it working, you need to enable Windows Hello for Business (WHfB) on the device.
Without WHfB, FIDO2 is just recognized as an MFA method for Azure AD, but it’s not treated as a valid credential for privilege elevation with EPM.