Home
%3CLINGO-SUB%20id%3D%22lingo-sub-748555%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-748555%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20stuck%20on%20this%20step%3A%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%23enable-new-passwordless-authentication-methods%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%23enable-new-passwordless-authentication-methods%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20not%20seeing%20any%20methods%20to%20enable.%26nbsp%3B%20Any%20help%20would%20be%20appreciated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-748651%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-748651%22%20slang%3D%22en-US%22%3E%3CP%3ESimilar%20to%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F24004%22%20target%3D%22_blank%22%3E%40chad%20Snelson%3C%2FA%3E%26nbsp%3BI%20Enable%20yes%2C%20and%20then%20select%20my%20user%20account%20as%20a%20target%20and%20hit%20save.%26nbsp%3B%20When%20I%20reload%20the%20page%20any%20changes%20I%20made%20go%20away.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-748677%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-748677%22%20slang%3D%22en-US%22%3EDoes%20this%20require%20Azure%20AD%20Premium%20licenses%20to%20work%20or%20can%20it%20also%20be%20used%20with%20Office%20365%20with%20Azure%20AD%20free%20tier%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-748865%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-748865%22%20slang%3D%22en-US%22%3Ei%20can't%20get%20past%20this%20step%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%23enable-new-passwordless-authentication-methods%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%23enable-new-passwordless-authentication-methods%3C%2FA%3EOnly%20password%20authentication%20is%20available%3A%20%3CA%20href%3D%22https%3A%2F%2Fibb.co%2FC1n3QvL%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fibb.co%2FC1n3QvL%3C%2FA%3EUser%20feature%20previews%20is%20enabled%3A%20%3CA%20href%3D%22https%3A%2F%2Fibb.co%2FLQRWy4k%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fibb.co%2FLQRWy4k%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-749065%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-749065%22%20slang%3D%22en-US%22%3EHi%20all.%20Same%20issue%20here.%20Enabled%20user-%20selected%20save%20-%20then%2C%20nothing%20happens.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-749113%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-749113%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20beyond%20thrilled%20to%20see%20that%20this%20is%20finally%20to%20the%20public%20preview%20stage...%20and%20almost%20equally%20disappointed%20that%20yet%20again%20this%20awesome%20new%20feature%20doesn't%20support%20Hybrid%20AAD%20Joined%20devices.%26nbsp%3B%20%3A(%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20that%20said%2C%20I'm%20willing%20to%20test%20on%20AAD%20Joined%20devices%20(not%20hybrid)%2C%20but%20I'm%20stuck%20at%20the%20same%20point%20as%20others.%26nbsp%3B%20Under%20the%20section%20%22Enable%20new%20passwordless%20authentication%20methods%22%2C%20it%20says%20to%20choose%20certain%20options%20under%20each%20method.%26nbsp%3B%20However%2C%20the%20list%20of%20methods%20on%20this%20screen%20is%20empty%2C%20just%20showing%20%22No%20results%22.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPerhaps%20these%20methods%20are%20still%20being%20rolled%20out%2C%20or%20some%20of%20the%20earlier%20steps%20required%20to%20enable%20this%20take%20time%20to%20propagate%20before%20the%20methods%20appear%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-749297%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-749297%22%20slang%3D%22en-US%22%3E%3CP%3EI'll%20join%20as%20well%2C%20facing%20the%20same%20issue%20as%20most%20people%20who%20have%20posted.%20All%20the%20pre-reqs%20are%20there%2C%20then%20you%20enable%20it%20for%20a%20group%20of%20users%2C%20hit%20Save%20and%20nothing%20happens%20and%20your%20saved%20settings%20are%20gone.%20%3A(%3C%2Fimg%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-749852%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-749852%22%20slang%3D%22en-US%22%3E%3CP%3ENow%20it%20works%20with%20the%20phone%20signin%20%3A).%20But%20i'm%20missing%20the%20%3A%20%22Sign%20in%20with%20security%20key%22%20option%20on%20the%20portal.office.com%20page%3F%3C%2FP%3E%3CP%3EI%20may%20come%20overnight%20i%20guess%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-749861%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-749861%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20of%20this%20morning%2C%20I%20now%20have%20%22Fido2%20Security%20Key%22%20and%20%22Microsoft%20Authenticator%20passwordless%20sign-in%22%20under%20methods%2C%20and%20I've%20enabled%20both.%26nbsp%3B%20Unfortunately%2C%20when%20I%20try%20to%20set%20up%20my%20Yubikey%205%20NFC%20security%20key%2C%20I%20get%20a%20message%20that%20%22This%20security%20key%20can't%20be%20used.%26nbsp%3B%20Please%20try%20a%20different%20one.%22%26nbsp%3B%20Yubico%20is%20listed%20as%20one%20of%20the%20supported%20vendors%2C%20and%20this%20model%20of%20key%20is%20the%20one%20that%20they%20recommend%20for%20passwordless%20AzureAD%20use%2C%20so%20I'm%20not%20sure%20what%20the%20issue%20is.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20%3CEM%3Eam%3C%2FEM%3Etrying%20to%20set%20it%20up%20on%20a%20Hybrid%20AAD%20Joined%20computer%2C%20but%20if%20I%20understand%20correctly%20I%20should%20be%20able%20to%20set%20it%20up%20and%20use%20it%20for%20web%20based%20authentication%2C%20it%20is%20just%20not%20supported%20for%20use%20at%20the%20windows%20lock%20scren.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-750018%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750018%22%20slang%3D%22en-US%22%3E%3CP%3EI%20receive%20a%20message%20when%20going%20to%20myprofile.microsoft.com%3A%26nbsp%3B%3C%2FP%3E%3CDIV%3E%3CDIV%20class%3D%22ms-Fabric%20_2lVrYyr1x2VaN-2g40D4hH%20root-47%22%3E%3CDIV%3E%3CDIV%20class%3D%22ms-MessageBar%20ms-MessageBar--warning%20ms-MessageBar-multiline%20_3QutgDTIFO_9Z0lTpYxiIo%20root-54%22%3E%3CDIV%20class%3D%22ms-MessageBar-content%20content-55%22%3E%3CDIV%20class%3D%22ms-MessageBar-text%20text-58%22%3E%3CSPAN%20class%3D%22ms-MessageBar-innerText%20innerText-59%22%3E%3CSPAN%3EOops%2C%20seems%20like%20the%20organization%20you%20tried%20signing%20into%20hasn't%20activated%20the%20new%20profile%20experience%20at%20this%20time.%20Please%20contact%20your%20admin%20for%20more%20information.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%20class%3D%22ms-MessageBar-text%20text-58%22%3E%3CSPAN%20class%3D%22ms-MessageBar-innerText%20innerText-59%22%3EI've%20used%20Chrome%20and%20Internet%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%20class%3D%22ms-MessageBar-text%20text-58%22%3E%3CSPAN%20class%3D%22ms-MessageBar-innerText%20innerText-59%22%3EThe%20feature%20regarding%20Phone%20sign-in%20works%20well%20for%20me%20%3A)%3C%2Fimg%3E%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-750019%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750019%22%20slang%3D%22en-US%22%3E%3CP%3EWill%20this%20allow%20applications%20to%20offer%20passwordless%20sign%20on%20that%20are%20using%20Azure%20AD%20as%20an%20identity%20provider%20via%20SAML%202.0%20or%20OpenID%20Connect%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-750035%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750035%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F254454%22%20target%3D%22_blank%22%3E%40AnthonyClark_316%3C%2FA%3E%26nbsp%3B%20I%20think%20so%20authentication%20with%20integrated%20applications%20goes%20through%20the%20Microsoft%20log-in%20page.%20We've%20setted%20up%20SSO%20with%20SAP%20ByDesign%20if%20a%20user%20connects%20through%20the%20SAP%20ByDesign%20URL%20in%20a%20private%20browser%20it%20redirects%20to%20the%20Microsoft%20log-in%20page%20where%20you%20need%20to%20enter%20the%20corporate%20credentials%20of%20you're%20Azure%20AD%20account%20or%20AD%20account%20if%20you're%20using%20a%20Hybrid%20Scenario%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-750115%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750115%22%20slang%3D%22en-US%22%3E%3CP%3EI%20also%20had%20to%20wait%20a%20few%20minutes%20(like%2030)%20before%20the%20auth-methods%20appeared%20in%20my%20tenant.%20Anyway%20all%20is%20working%20now%20and%20-if%20you%20are%20interested-%20I%20have%20written%20a%20blog-post%20about%20it%3A%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Femptydc.com%2F2019%2F07%2F11%2Fpasswords-with-or-without-you%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Femptydc.com%2F2019%2F07%2F11%2Fpasswords-with-or-without-you%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%2CJan%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-750161%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750161%22%20slang%3D%22en-US%22%3EThis%20morning%20i%20could%20finish%20the%20steps%20and%20my%20yubikey%20is%20working.%20Thanks%20guys%20for%20the%20help.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-750282%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750282%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20passwordless%20login%20to%20windows%20also%20supported%20using%20the%20Authenticator%20app%2C%20or%20just%20the%20security%20key%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20enabled%20both%20credentials%2C%20and%20my%20credential%20in%20the%20authenticator%20app%20is%20enabled%20for%20phone%20sign-in%2C%20but%20I'm%20not%20seeing%20any%20way%20to%20initiate%20a%20phone%20sign-in%20at%20the%20windows%20lock%20screen.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-750936%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750936%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F27877%22%20target%3D%22_blank%22%3E%40Steve%20Whitcher%3C%2FA%3E%2C%20I%20think%20the%20Windows%20login%20is%20(atm)%20only%20supported%20on%20pure%20Azure%20AD%20joined%20machines%2C%20not%20hybrid%20joined%20devices.%20(I%20am%20assuming%20you're%20trying%20this%20from%20a%20Hybrid%20AAD%20joined%20device%20based%20on%20your%20previous%20post%20%3A)%3C%2Fimg%3E%20).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-750952%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750952%22%20slang%3D%22en-US%22%3E%3CP%3EMusings%20after%20first%205%20minute%20test%20with%20the%20Authenticator%20app%20option.%20Both%20Edge%20and%20Chrome%20prompt%20me%20for%20the%20app%20sign%20in%20the%20first%20time.%3C%2FP%3E%3CP%3EI%20choose%20to%20not%20keep%20me%20signed%20in%20and%20subsequently%20perform%20a%20correct%20logout%20of%20my%20session.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20then%20choosing%20to%20sign%20in%20again%20from%20the%20office.com%20page%2C%20I%20get%20prompted%20for%20my%20password%20and%20not%20the%20app%20sign%20in%20%3A(%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20I%20close%20the%20browser%20and%20re-open%20and%20go%20back%20to%20office.com%20to%20sign%20in%2C%20I%20get%20the%20app%20sign-in%20again.%20I%20don't%20know%20about%20the%20rest%20of%20you%20but%20I%20find%20that%20weird%20and%20not%20a%20very%20nice%20or%20consistent%20experience.%3C%2FP%3E%3CP%3EI%20might%20be%20doing%20something%20wrong%20but%20if%20I%20am%2C%20I%20don't%20know%20what%20it%20is%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EP.S.%20is%20there%20a%20way%20to%20remove%20the%20'sign%20in%20with%20a%20password%20instead'%20option%20so%20only%20app%20is%20possible%20and%20if%20so%2C%20which%20are%20'backup%20methods'%20in%20case%20you%20forgot%20your%20phone%20at%20home%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-751402%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-751402%22%20slang%3D%22en-US%22%3E%3CP%3EStill%20waiting%20for%20the%20authentication%20methods%20to%20show%20up%20in%20our%20subscriptions.%20Been%20waiting%20for%20more%20than%2024%20hours%20now%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-751490%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-751490%22%20slang%3D%22en-US%22%3E%3CP%3EI%20contact%20Office%20365%20tech%20support%20for%20issue%20enabled%20%22Authentication%20method%20policy%20(Preview)%22%20but%20not%20show%20the%20new%20authentication%20methods%20appeared%20in%20my%20Office%20365%20tenant.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBelow%20is%20tech%20support%20suggest%20me%20to%20use%20powershell%20for%20enable%20passwordless%20authentication%20method%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3ESearch%20%26nbsp%3Bwindows%20powershell%20%26nbsp%3Bin%20your%20computer%20%2Cright%20click%20powershell%20and%20choose%20run%20as%20an%20administrator%3C%2FLI%3E%3CLI%3ETo%20confirm%20whether%20you%20have%20this%20version%20installed%20%2Crun%20%3A%20Get-Module%20-Name%20AzureAD%20-ListAvailable%20%26nbsp%3B%3C%2FLI%3E%3CLI%3EIf%20you%20currently%20have%20the%20Azure%20AD%20PowerShell%20module%20installed%20and%20it%E2%80%99s%20not%20%3CSTRONG%3Eat%20least%3C%2FSTRONG%3Eversion%202.0.2.5%2C%20you%E2%80%99ll%20need%20to%20uninstall%20it.%20To%20do%20this%2C%20run%3A%3CBR%20%2F%3E%3CBR%20%2F%3EUninstall-Module%20-Name%20AzureAd%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%3CLI%3EIf%20you%20don%E2%80%99t%20have%20the%20Azure%20AD%20PowerShell%20module%20installed%2C%20or%20you%E2%80%99ve%20just%20uninstalled%20it%2C%20you%E2%80%99ll%20need%20to%20install%20it%20by%20running%3A%3CBR%20%2F%3E%3CBR%20%2F%3EInstall-Module%20-Name%20AzureADPreview%3C%2FLI%3E%3CLI%3EEnabling%20Passwordless%20Authentication%20for%20a%20single%20Office%20365%20tenant%2C%20run%3A%3CBR%20%2F%3E%3CBR%20%2F%3EConnect-AzureAD%3CBR%20%2F%3E%3CBR%20%2F%3ENew-AzureADPolicy%20-Type%20AuthenticatorAppSignInPolicy%20-Definition%20'%7B%22AuthenticatorAppSignInPolicy%22%3A%7B%22Enabled%22%3Atrue%7D%7D'%20-isOrganizationDefault%20%24true%20-DisplayName%20AuthenticatorAppSignIn%3C%2FLI%3E%3C%2FOL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-751717%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-751717%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3Eadding%20the%20security%20key%20works%20fine.%20Windows%2010%20Sign-in%20as%20well.%3C%2FP%3E%3CP%3EHowever%2C%20I%20can't%20seem%20to%20get%20any%20browser%20to%20use%20the%20key%20for%20any%20sign-in%20to%20corporate%20resources%20(personal%20Microsoft%20Accounts%20work).%3C%2FP%3E%3CP%3EFirefox%20prompts%20%22This%20security%20key%20doesn't%20look%20familiar.%22%20and%20Edge%20(up-to-date)%20doesn't%20even%20give%20me%20the%20option%20use%20a%20security%20key%20as%20sign-in%20option.%3C%2FP%3E%3CP%3EDoes%20anybody%20else%20have%20these%20issues%3F%3C%2FP%3E%3CP%3Ebtw%3A%20I%20am%20using%20a%20Feitian%20BioPass%20key.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3EChris%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-751919%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-751919%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F289321%22%20target%3D%22_blank%22%3E%40ChristianMueller%3C%2FA%3E%26nbsp%3BWe%20have%20the%20exact%20same%20issue.%20We%20are%20able%20to%20login%20to%20Windows%20with%20the%20security%20key%2C%20however%20logging%20into%20Azure%20Portal%20or%20the%20Office%20365%20portal%20in%20Firefox%20we%20get%20prompted%20%22%3CSPAN%3EThis%20security%20key%20doesn't%20look%20familiar%22%20and%20in%20Edge%20there%20is%20no%20option%20at%20all%20to%20login%20with%20a%20security%20key.%26nbsp%3B%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EWe%20are%20using%20Yubikey%205%20NFC%20keys%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-752294%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-752294%22%20slang%3D%22en-US%22%3E%3CP%3Ecan%20someone%20tell%20me%20how%20to%20get%20the%20login%20page%20on%20Azure%20or%20Office%20which%20support%20security%20key%20%3F%20on%20portal.azure.com%20nothing%20to%20select%20a%20security%20key...%3C%2FP%3E%3CP%3Ethank%20you%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-752595%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-752595%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F375441%22%20target%3D%22_blank%22%3E%40crapitouille%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20Firefox%20browse%20to%20portal.azure.com%20or%20portal.office355.com%20or%20login.microsoftonline.com%20you%20need%20to%20ensure%20you%20are%20signed%20out%20and%20then%20click%20%22Sign-in%20Options%22%20at%20the%20bottom%2C%20then%20%22Sign%20in%20with%20Windows%20Hello%20or%20a%20security%20key%22.%20It%20will%20prompt%20you%20to%20insert%20your%20security%20key%20into%20the%20USB%20port%20or%20Tap%20on%20the%20NFC%2C%20then%20when%20you%20do%20that%20it%20will%20say%20something%20along%20the%20lines%20of%20%22The%20security%20key%20doesn't%20look%20familiar%2C%20please%20try%20another%20one.%20In%20Edge%20we%20are%20not%20prompted%20with%20any%20other%20additional%20sign-in%20options%20other%20than%20sign-in%20with%20GitHub.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWindows%20Hello%20sign-ins%20for%20Windows%20Logon%20is%20working%20flawlessly%2C%20unfortunately%20portal%20logins%20are%20not.%20Its%20in%20preview%20though%2C%20so%20probably%20expected%20not%20to%20work%20%3A)%3C%2Fimg%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-749168%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-749168%22%20slang%3D%22en-US%22%3E%3CP%3EFolks%2C%20if%20some%20of%20you%20are%20still%20unable%20to%20access%20these%20features%20please%20email%20your%20tenant%20ID%20to%20swkrish%20AT%20microsoft%20DOT%20com%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPS%3A%26nbsp%3B%3CSPAN%3EOur%20apologies%2C%20deployments%20are%20taking%20longer%20than%20intended%2C%20we%20expect%20all%20customers%20should%20have%20all%20the%20functionalities%20working%20no%20later%20than%20Fri%20evening%2C%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3BPacific%20time%20zone.%20Thanks%20for%20your%20interest.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-746362%22%20slang%3D%22en-US%22%3EAnnouncing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-746362%22%20slang%3D%22en-US%22%3E%3CP%3EHowdy%20folks%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%E2%80%99m%20thrilled%20to%20let%20you%20know%20that%20you%20can%20now%20go%20passwordless%20with%20the%20public%20preview%20of%20FIDO2%20security%20keys%20support%20in%20Azure%20Active%20Directory%20(Azure%20AD)!%20Many%20teams%20across%20Microsoft%20have%20been%20involved%20in%20this%20effort%2C%20and%20we%E2%80%99re%20proud%20to%20deliver%20on%20our%20vision%20of%20making%20FIDO2%20technologies%20a%20reality%20to%20provide%20you%20with%20seamless%2C%20secure%2C%20and%20%3CSTRONG%3Epasswordless%20%3C%2FSTRONG%3Eaccess%20to%20all%20your%20Azure%20AD-connected%20apps%20and%20services.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20addition%2C%20we%20turned%20on%20a%20new%20set%20of%20admin%20capabilities%20in%20the%20Azure%20AD%20portal%20that%20enable%20you%20to%20manage%20authentication%20factors%20for%20users%20and%20groups%20in%20your%20organization.%20In%20this%20first%20release%2C%20you%20can%20use%20them%20to%20manage%20a%20staged%20rollout%20of%20passwordless%20authentication%20using%20FIDO2%20security%20keys%20and%2For%20the%20Microsoft%20Authenticator%20application.%20Going%20forward%20you%E2%80%99ll%20see%20us%20add%20the%20ability%20to%20manage%20all%20our%20traditional%20authentication%20factors%20(Multi-Factor%20Authentication%20(MFA)%2C%20OATH%20Tokens%2C%20phone%20number%20sign%20in%2C%20etc.).%20Our%20goal%20is%20to%20enable%20you%20to%20use%20this%20one%20tool%20to%20manage%20all%20your%20authentication%20factors.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%3EWhy%20do%20we%20feel%20so%20strongly%20about%20passwordless%3F%3C%2FH3%3E%0A%3CP%3EEvery%20day%2C%20more%20and%20more%20of%20our%20customers%20move%20to%20cloud%20services%20and%20applications.%20They%20need%20to%20know%20that%20the%20data%20and%20services%20stored%20in%20these%20services%20are%20secure.%20Unfortunately%2C%20passwords%20are%20no%20longer%20an%20effective%20security%20mechanism.%20We%20know%20from%20industry%20analysts%20that%2081%20percent%20of%20successful%20cyberattacks%20begin%20with%20a%20compromised%20username%20and%20password.%20Additionally%2C%20traditional%20MFA%2C%20while%20very%20effective%2C%20can%20be%20hard%20to%20use%20and%20has%20a%20very%20low%20adoption%20rate.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIt%E2%80%99s%20clear%20we%20need%20to%20provide%20our%20customers%20with%20authentication%20options%20that%20are%20secure%20%3CSTRONG%3Eand%3C%2FSTRONG%3Eeasy%20to%20use%2C%20so%20they%20can%20confidently%20access%20information%20without%20having%20to%20worry%20about%20hackers%20taking%20over%20their%20accounts.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20is%20where%20passwordless%20authentication%20comes%20in.%20We%20believe%20it%20will%20help%20to%20significantly%20and%20permanently%20reduce%20the%20risk%20of%20account%20compromise.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F122853i4569536BF0BECC73%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Passwordless%20sign%20in%20flow%202.png%22%20title%3D%22Passwordless%20sign%20in%20flow%202.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENow%2C%20all%20Azure%20AD%20users%20can%20sign%20in%20password-free%20using%20a%20FIDO2%20security%20key%2C%20the%20Microsoft%20Authenticator%20app%2C%20or%20Windows%20Hello.%20These%20strong%20authentication%20factors%20are%20based%20off%20the%20same%20world%20class%2C%20public%20key%2Fprivate%20key%20encryption%20standards%20and%20protocols%2C%20which%20are%20protected%20by%20a%20biometric%20factor%20(fingerprint%20or%20facial%20recognition)%20or%20a%20PIN.%20Users%20apply%20the%20biometric%20factor%20or%20PIN%20to%20unlock%20the%20private%20key%20stored%20securely%20on%20the%20device.%20The%20key%20is%20then%20used%20to%20prove%20who%20the%20user%20and%20the%20device%20are%20to%20the%20service.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20502px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F122792i04310580CE730292%2Fimage-dimensions%2F502x548%3Fv%3D1.0%22%20width%3D%22502%22%20height%3D%22548%22%20alt%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%202.jpg%22%20title%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%202.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fpasswordlessvideo%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ECheck%20out%20this%20video%3C%2FA%3Ewhere%20Joy%20Chik%2C%20corporate%20vice%20president%20of%20Identity%2C%20and%20I%20talk%20more%20about%20this%20new%20standard%20for%20signing%20in.%20To%20learn%20more%20about%20why%20this%20should%20be%20a%20priority%20for%20you%20and%20your%20organization%2C%20read%20our%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fgopasswordless%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ewhitepaper%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%3ELet%E2%80%99s%20get%20you%20started!%3C%2FH3%3E%0A%3CP%3ETo%20help%20you%20get%20started%20on%20your%20own%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Fauthentication%2Fconcept-authentication-passwordless%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Epasswordless%3C%2FA%3Ejourney%2C%20this%20week%20we%E2%80%99re%20rolling%20out%20a%20bonanza%20of%20public%20preview%20capabilities.%20These%20new%20features%20include%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EA%20new%20Authentication%20methods%20blade%20in%20your%20Azure%20AD%20admin%20portal%20that%20allows%20you%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%23enable-new-passwordless-authentication-methods%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eassign%20passwordless%20credentials%3C%2FA%3Eusing%20FIDO2%20security%20keys%20and%20passwordless%20sign-in%20with%20Microsoft%20Authenticator%20to%20users%20and%20groups.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F122793iE38105F756CBAB73%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%203.png%22%20title%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%203.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EUpdated%20capabilities%20in%20the%20converged%20Registration%20portal%20for%20your%20users%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%23user-registration-and-management-of-fido2-security-keys%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ecreate%20and%20manage%20FIDO2%20security%20keys%3C%2FA%3E.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F122794i1F9A3D4E5DCFBA9B%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%204.png%22%20title%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%204.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EAbility%20to%20use%20FIDO2%20security%20keys%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%23sign-in-with-passwordless-credentials%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eauthenticate%20across%20Azure%20AD-joined%20Windows%2010%20devices%3C%2FA%3Eon%20the%20latest%20versions%20of%20Edge%20and%20Firefox%20browsers.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F122795iF9DC6D56AFE00B70%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%205.png%22%20title%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%205.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%3EFIDO2%20hardware%3C%2FH3%3E%0A%3CP%3EMicrosoft%20has%20teamed%20up%20with%20leading%20hardware%20partners%2C%20Feitian%20Technologies%2C%20HID%20Global%2C%20and%20Yubico%2C%20to%20make%20sure%20we%20have%20a%20range%20of%20FIDO2%20form%20factors%20available%20at%20launch%2C%20including%20keys%20connecting%20via%20USB%20and%20NFC%20protocols.%20Sue%20Bohn%20has%20more%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Active-Directory-Identity%2FMicrosoft-passwordless-partnership-leads-to-innovation-and-great%2Fba-p%2F566493%22%20target%3D%22_self%22%3E%3CSPAN%3Edetails%20on%20those%20partnerships%3C%2FSPAN%3E%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPlease%20be%20sure%20to%20verify%20that%20any%20FIDO2%20security%20keys%20you%E2%80%99re%20considering%20for%20your%20organization%20meet%20the%20additional%20options%20required%20to%20be%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fidentity-protection%2Fhello-for-business%2Fmicrosoft-compatible-security-key%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ecompatible%20with%20Microsoft%E2%80%99s%20implementation%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20906px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F122817iA3C616C120D579BD%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22passwordless.jpg%22%20title%3D%22passwordless.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%3EOur%20passwordless%20strategy%3C%2FH3%3E%0A%3CP%3EOur%20passwordless%20strategy%20is%20a%20four-step%20approach%20where%20we%20deploy%20replacement%20offerings%2C%20reduce%20the%20password%20surface%20area%2C%20transition%20to%20passwordless%20deployment%2C%20and%20finally%20eliminate%20passwords%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F122798i397EAB1334318903%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%208.png%22%20title%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%208.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EToday%E2%80%99s%20product%20launches%20are%20an%20important%20milestone%20for%20getting%20to%20passwordless.%20In%20addition%2C%20the%20engineering%20work%20we%20did%20to%20provide%20authentication%20methods%20management%20for%20administrators%20and%20user%20registration%20and%20management%2C%20will%20allow%20us%20to%20move%20even%20faster%20to%20improve%20credentials%20management%20experiences%2C%20as%20well%20as%20bring%20new%20capabilities%20and%20credentials%20online%20more%20simply.%20We%E2%80%99re%20working%20with%20our%20Windows%20security%20engineering%20team%20to%20make%20FIDO2%20authentication%20work%20for%20hybrid-joined%20devices.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOf%20course%2C%20we%20look%20forward%20to%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2FAzureADFeedback%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Efeedback%20from%20you%3C%2FA%3Eacross%20all%20of%20these%20features%2C%20to%20help%20us%20improve%20before%20we%20make%20them%20generally%20available.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ERegards%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3BAlex%20(Twitter%3A%20%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2FAlex_A_Simons%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%40Alex_A_Simons%3C%2FA%3E)%3C%2FP%3E%0A%3CP%3E%26nbsp%3BCorporate%20VP%20of%20Program%20Management%3C%2FP%3E%0A%3CP%3E%26nbsp%3BMicrosoft%20Identity%20Division%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%3EAdditional%20links%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fgopasswordless%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EThe%20end%20of%20passwords%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Faka.ms%2FAzureADvideos%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EPasswordless%20overview%20and%20how%20to%20videos%3C%2FA%3E%E2%80%94coming%20soon%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3C%2FP%3E%3CDIV%20class%3D%22video-embed-center%20video-embed%22%3E%3CIFRAME%20class%3D%22embedly-embed%22%20src%3D%22https%3A%2F%2Fcdn.embedly.com%2Fwidgets%2Fmedia.html%3Fsrc%3Dhttps%253A%252F%252Fwww.youtube.com%252Fembed%252FxzRY06mMu94%253Ffeature%253Doembed%26amp%3Burl%3Dhttp%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DxzRY06mMu94%26amp%3Bimage%3Dhttps%253A%252F%252Fi.ytimg.com%252Fvi%252FxzRY06mMu94%252Fhqdefault.jpg%26amp%3Bkey%3Dfad07bfa4bd747d3bdea27e17b533c0e%26amp%3Btype%3Dtext%252Fhtml%26amp%3Bschema%3Dyoutube%22%20width%3D%22400%22%20height%3D%22225%22%20scrolling%3D%22no%22%20frameborder%3D%220%22%20allow%3D%22autoplay%3B%20fullscreen%22%20allowfullscreen%3D%22true%22%20title%3D%22Video%22%3E%3C%2FIFRAME%3E%3C%2FDIV%3E%3CP%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-746362%22%20slang%3D%22en-US%22%3E%3CP%3EI%E2%80%99m%20thrilled%20to%20announce%20that%20you%20can%20now%20go%20passwordless%20with%20the%20public%20preview%20of%20FIDO2%20security%20keys%20support%20in%20Azure%20AD!%26nbsp%3B%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F122791i36A6E59366E93E36%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%20teaser.png%22%20title%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%20teaser.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-SUB%20id%3D%22lingo-sub-753149%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-753149%22%20slang%3D%22en-US%22%3E%3CP%3EOur%20apologies%2C%20deployments%20are%20taking%20longer%20than%20intended.%20We%20expect%20all%20customers%20should%20have%20all%20the%20functionalities%20working%20no%20later%20than%20Friday%20evening%2C%20Pacific%20time%20zone.%20Thanks%20for%20your%20enthusiasm!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-753844%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-753844%22%20slang%3D%22en-US%22%3ENice%2C%20when%20is%20support%20for%20non%20microsoft%20operating%20systems%20goin%20to%20being%20added%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-754267%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-754267%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F314432%22%20target%3D%22_blank%22%3E%40AzureADTeam%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEverything%20works%20fine%20now%20%3A)%3C%2Fimg%3E%20Such%20a%20great%20addition%20to%20Azure%20AD!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-752910%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-752910%22%20slang%3D%22en-US%22%3E%3CP%3EGood%20stuff!%20I%20went%20to%20test%20this%20out%20in%20my%20test%20tenant.%26nbsp%3BI%20am%20using%20Win%2010%201803.%20After%20enabling%20FIDO2%2C%20when%20I%20try%20register%20a%20user%20for%20the%20%22Security%20key%22%20method%2C%20I%20get%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%22%3CSPAN%3EWe%20detected%20that%20this%20browser%20or%20OS%20does%20not%20support%20FIDO2%20security%20keys.%3C%2FSPAN%3E%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20this%20require%20Win%2010%201809%2B%3F%20Isn't%20FIDO2%20a%20matter%20of%20browser%20support%20-%20and%20OS%20agnostic%3F%20Will%20the%20AAD%20implementation%20of%20FIDO2%20eventually%20support%20MacOS%20and%20mobile%20devices%20(using%20a%20NFC-capable%20key)%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-753158%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-753158%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFollowing%20the%20instructions%20at%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%23user-registration-and-management-of-fido2-security-keys%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%3C%2FA%3E%26nbsp%3Bthere%20are%20a%20few%20issues.%20When%20I%20am%20trying%20to%20register%20the%20security%20key%20with%20my%20fingerprint%2C%20the%20Set%20up%20button%20is%20grayed%20out.%20This%20is%20with%20a%20Feitian%26nbsp%3BFIDO2%20BioPass%20security%20key%20which%20has%20the%20fingerprint%20sensor.%20The%20Windows%2010%20version%20is%201903%20enterprise.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20475px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F123197i5A6005B42DD7F6D6%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22securitykey.png%22%20title%3D%22securitykey.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20although%20I%20get%20this%20option%20in%20the%20Windows%2010%20sign-in%20settings%20of%20the%20computer%2C%20I%20don't%20get%20the%20option%20to%20register%20the%20security%20key%20at%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fmyprofile.microsoft.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmyprofile.microsoft.com%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20style%3D%22width%3A%20497px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F123198iBD4B7A31FB9912F8%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22myprofilesecuritysettings.png%22%20title%3D%22myprofilesecuritysettings.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEDIT%3A%20ok%2C%20I%20was%20able%20to%20set%20the%20fingerprints%20after%20first%20resetting%20the%20security%20key%20and%20then%20setting%20a%20PIN%20on%20it.%20After%20setting%20a%20PIN%2C%20the%20option%20to%20set%20fingerprints%20was%20enabled.%20But%20now%20I%20have%20another%20issue%3A%20although%20I%20seem%20to%20have%20finished%20the%20setup%20of%20the%20security%20key%2C%20when%20I%20attempt%20to%20sign-in%20to%20my%20account%20with%20it%20at%20the%20Windows%20sign-in%20screen%2C%20it%20simply%20says%20%22This%20security%20key%20doesn't%20look%20familiar.%20Please%20try%20a%20different%20one.%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20stumped.%20Appreciate%20any%20help%20with%20this!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-771147%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-771147%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20for%20the%20update.%20What%20is%20the%20strategy%20%26amp%3B%20status%20%26amp%3B%20timing%20concerning%20AAD%20B2C%20with%20FIDO2%20passwordless%20Azure%20Identities%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-773632%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-773632%22%20slang%3D%22en-US%22%3E%3CP%3EHoping%20to%20start%20helping%20organisation%20move%20further%20forward%20with%20passwordless%20approach%20also.%3C%2FP%3E%3CP%3EDefinitely%20need%20to%20increase%20internal%20passwordless%20adoption.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20purchased%20a%20Yubikey%205%20NFC%20and%20enrolled%20it%20through%20the%20AAD%20security%20methods%2C%20works%20fine%20for%20browser%20sign%20in%20(although%20not%20through%20chrome%20at%20all)%20but%20getting%20nowhere%20with%20windows%20sign%20in.%3C%2FP%3E%3CP%3EUsing%20AAD%20joined%20cloud%20managed%20device%2C%20at%20the%20sign%20in%20screen%20i%20can%20plug%20the%20yubikey%20in%20but%20it%20says%20%22No%20valid%20certificates%20were%20found%20on%20this%20smart%20card%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20turned%20the%20%22make%20your%20device%20password-less%22%20option.%3C%2FP%3E%3CP%3ERunning%2010%20insider%20Enterprise%2018941%20190713-1700%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20manage%20security%20key%20menu%20gives%20me%20the%20option%20to%20change%20PIN%20(tried%20that)%20and%20reset%20it%20to%20factory.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20one%20else%20run%20into%20this%3F%3C%2FP%3E%3CP%3EThis%20could%20be%20the%20missing%20piece%20to%20allow%20widespread%20passwordless%20for%20many%20of%20our%20users%20who%20have%20devices%20without%20Hello%20biometrics%20capabilities%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-778310%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-778310%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20regards%20to%20the%20Microsoft%20Authenticator%20passwordless%20sign-in%20method%2C%20has%20anyone%20else%20had%20trouble%20with%20it%20not%20sending%20push%20notifications%20to%20mobile%20devices%3F%20Such%20as%20reported%20here%20(%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fazure-docs%2Fissues%2F30680%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fazure-docs%2Fissues%2F30680%3C%2FA%3E)%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20enabled%20my%20user%20in%20my%20tenant%20using%20the%20new%20options%20in%20the%20Azure%20Portal%2C%20i%20had%20not%20previously%20tried%20to%20enable%20a%20policy%20using%20the%20PowerShell%20cmdlets%20as%20mentioned%20by%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F375183%22%20target%3D%22_blank%22%3E%40fordantitrust%3C%2FA%3E%26nbsp%3Babove.%20My%20user%20now%20triggers%20the%20passwordless%20flow%2C%20however%20I%20have%20to%20manually%20open%20up%20the%20Microsoft%20Authenticator%20app%20to%20begin%20my%20interaction.%20I%20do%20not%20receive%20a%20prompt%20via%20a%20push%20notification.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20I%20need%20to%20still%20execute%20the%20New-AzureADPolicy%20cmdlet%20to%20enable%20the%20push%20notifications%3F%20What%20is%20the%20impact%20of%20that%20policy%2C%20will%20it%20enable%20this%20preview%20for%20all%20my%20users%20who%20are%20using%20the%20Microsoft%20Authenticator%20app%3F%20Running%20the%20Get-AzureADPolicy%20cmdlet%20returns%20no%20similar%20policies%20in%20my%20tenant%2C%20which%20presumably%20would%20have%20been%20created%20if%20needed%20by%20the%20enabling%20of%20my%20user%20through%20the%20portal.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EUpdate%3A%3C%2FSTRONG%3E%26nbsp%3BJust%20in%20case%20someone%20else%20finds%20this%2C%20I%20resolved%20this%20issue%20by%20going%20into%20the%20Microsoft%20Authenticator%20app%2C%20choosing%20to%20%22Disable%20phone%20sign-in%22%20for%20my%20AAD%20Work%20Account%2C%20and%20then%20enabling%20it%20again%20right%20after.%20This%20updated%20the%20icon%20in%20the%20%3CA%20href%3D%22https%3A%2F%2Fmyprofile.microsoft.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmyprofile.microsoft.com%3C%2FA%3Eportal%20from%20a%20normal%20MS%20Authenticator%20padlock%20icon%2C%20to%20a%20phone%20sign-in%20icon%20like%20you%20see%20in%20the%20app%20itself.%20After%20about%20half%20a%20day%2C%20the%20push%20notifications%20then%20started%20working%20for%20the%20passwordless%20sign-in%20flow.%20I'm%20guessing%20that%20as%20part%20of%20the%20preview%2C%20this%20particular%20flow%20of%20%22a%20user%20has%20already%20hit%20the%20enable%20phone%20sign-in%20option%20in%20the%20app%20for%20the%20AAD%20user%2C%20before%20they%20are%20enabled%20for%20the%20passwordless%20sign-in%20flow%22%20is%20not%20quite%20covered%20yet.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-798885%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-798885%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20configured%20my%20Azure%20AD%20joined%20Windows%2010%20(1903%20OS%20Build%2018947.1000)%20device%20with%20my%20Yubikey%20NFC%205.%20I%20was%20wondering%20about%20the%20sign-in%20behavior.%20When%20I%20sign-in%20I%20will%20get%20the%20following%20screens%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1.%20Enter%20Security%20Pin%3C%2FP%3E%3CP%3E2.%20Touch%20the%20Yubikey%20Gesture.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20it%20possible%20to%20configure%20the%20sign-in%20without%20the%20Security%20Pin%3F%20Because%20I%20know%20a%20Security%20Pin%20is%20not%20a%20password%2C%20but%20I%20would%20like%20to%20login%20with%20only%20the%20Yubikey.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20hope%20somebody%20knows%20the%20answer.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-801117%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-801117%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20for%20Windows%20only%3F%20Thought%20Office365%20was%20platform%20independent%26nbsp%3B%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Fhtml%2Fimages%2Femoticons%2Fsmile_40x40.gif%22%20alt%3D%22%3Asmile%3A%22%20title%3D%22%3Asmile%3A%22%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-806653%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-806653%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20any%20plan%20for%20adding%20U2F%20as%20a%20second%20factor%3F%26nbsp%3B%20AAD%20sometimes%20asks%20for%20additional%20verification%20with%20a%20second%20factor%20before%20a%20user%20can%20perform%20sensitive%20operations%2C%20and%20currently%20FIDO2%20security%20keys%20cannot%20be%20used%20in%20those%20scenarios.%26nbsp%3B%20I%20really%20want%20to%20make%20sure%20that%20my%20account%20can%20be%20used%20without%20a%20phone%20(online%20or%20not).%26nbsp%3B%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F53477%22%20target%3D%22_blank%22%3E%40Alex%20Simons%20(AZURE)%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-840743%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-840743%22%20slang%3D%22en-US%22%3E%3CP%3EHas%20anybody%20else%20come%20across%20the%20following%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20YubiKey%205%20NFC%20and%20I%20run%20through%20the%20steps%20to%20set%20it%20up%20via%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fmysignins.microsoft.com%2Fsecurity-info%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmysignins.microsoft.com%2Fsecurity-info%3C%2FA%3E%26nbsp%3B%2C%20it's%20detected%2C%20I%20enter%20the%20PIN%20and%20then%20at%20the%20end%20you're%20prompted%20with%20a%20screen%20to%20give%20the%20key%20a%20name.%20Whatever%20I%20put%20in%20there%2C%20it%20will%20always%20error%20with%20'We're%20sorry.%20We%20ran%20into%20a%20problem'.%3C%2FP%3E%3CP%3EI%20have%20tried%20to%20set%20it%20up%20on%20several%20computers%20and%20using%20several%20browsers%20(Chrome%2C%20Edge%2C%20Chredge%20canaray%2C%20dev%20and%20beta)%20but%20no%20go.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20350px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130449i3C15D61E8B377603%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22fido-error.jpg%22%20title%3D%22fido-error.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20started%20to%20think%20the%20YubiKey%20was%20broken%20but%20I%20can%20set%20it%20up%20just%20fine%20on%20other%20online%20services%20that%20support%20it.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-846984%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-846984%22%20slang%3D%22en-US%22%3E%3CP%3ENow%20works%20with%20latest%20version%20of%20Chrome%20for%20mac%20and%20Edge%20for%20mac%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-846998%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-846998%22%20slang%3D%22en-US%22%3E%3CP%3EAny%20word%20on%20support%20for%20non%20hybrid%20Active%20Directory%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-856314%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-856314%22%20slang%3D%22en-US%22%3E%3CP%3ESo%2C%20after%20setting%20it%20up%20and%20going%20to%20the%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fmfasetup%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ESecurity%20info%3C%2FA%3E%20page%20to%20change%20the%20Default%20sign-in%20method%20to%20Security%20key%2C%20I%20was%20surprised%20to%20see%20that%20%22Security%20key%22%20isn't%20in%20the%20list%20of%20choices%20when%20you%20go%20to%20change%20the%20default.%26nbsp%3B%20To%20be%20clear%2C%20%22Security%20key%22%20%3CSTRONG%3Eis%26nbsp%3B%3C%2FSTRONG%3Eshowing%20lower%20down%20on%20that%20page%2C%20along%20with%20the%20others%20(authenticator%2C%20etc)%2C%20just%20not%20when%20changing%20the%20default.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhy%3F%20The%20closest%20choice%20available%20is%20one%20that%20mentions%20authenticator%2Bhardware%20token.%20Choosing%20that%20involves%20the%20authenticator%20app.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-856506%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-856506%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F31161%22%20target%3D%22_blank%22%3E%40Steve%20Hernou%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHas%20anybody%20else%20come%20across%20the%20following%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20YubiKey%205%20NFC%20and%20I%20run%20through%20the%20steps%20to%20set%20it%20up%20via%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fmysignins.microsoft.com%2Fsecurity-info%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmysignins.microsoft.com%2Fsecurity-info%3C%2FA%3E%26nbsp%3B%2C%20it's%20detected%2C%20I%20enter%20the%20PIN%20and%20then%20at%20the%20end%20you're%20prompted%20with%20a%20screen%20to%20give%20the%20key%20a%20name.%20Whatever%20I%20put%20in%20there%2C%20it%20will%20always%20error%20with%20'We're%20sorry.%20We%20ran%20into%20a%20problem'.%3C%2FP%3E%3CP%3EI%20have%20tried%20to%20set%20it%20up%20on%20several%20computers%20and%20using%20several%20browsers%20(Chrome%2C%20Edge%2C%20Chredge%20canaray%2C%20dev%20and%20beta)%20but%20no%20go.%3C%2FP%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20started%20to%20think%20the%20YubiKey%20was%20broken%20but%20I%20can%20set%20it%20up%20just%20fine%20on%20other%20online%20services%20that%20support%20it.%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20having%20the%20exact%20same%20issue.%20Everything%20appears%20to%20work%2C%20right%20up%20to%20the%20last%20step%20of%20giving%20the%20key%20a%20%22nickname%22.%20I've%20tried%20this%20in%20the%20Edge%20Dev%20browser%20and%20Chrome%2076%20and%20Chrome%2077%20and%20I%20get%20the%20same%20error%20in%20all%20of%20them.%26nbsp%3B%20%26nbsp%3BI%20know%20my%20yubikey%20works%20just%20fine%2C%20I%20use%20it%20everyday%20for%20other%20services.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F131899iEF95242D599B25F0%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_1.png%22%20title%3D%22clipboard_image_1.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-858505%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-858505%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F31161%22%20target%3D%22_blank%22%3E%40Steve%20Hernou%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F383855%22%20target%3D%22_blank%22%3E%40n0creativity%3C%2FA%3E%26nbsp%3Bexactly%20the%20same%20experience%20for%20me%20too%20%3A(%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-859380%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-859380%22%20slang%3D%22en-US%22%3E%3CP%3EAny%20way%20to%20report%20on%20who%20is%20registering%20a%20security%20key%20in%20your%20tenant%3F%20%26nbsp%3B%20I%20don't%20see%20it%20logged%20specifically%20in%20%22Audit%20Logs%22%20and%20%22Usage%20and%20Insights%22%20just%20totally%20ignores%20this%20registration%20method.%20%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-864205%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-864205%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20everyone%20who%20is%20setting%20this%20up%20checking%20all%20the%20pre-reqs%20(I%20know%20some%20aren't%20because%20I%20see%20people%20posting%20about%201803)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFrom%20the%20top%20of%20this%20page%20are%20pre-reqs%3A%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-security-key%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-security-key%3C%2FA%3E)%3C%2FP%3E%3CUL%3E%3CLI%3EAzure%20Multi-Factor%20Authentication%3C%2FLI%3E%3CLI%3ECombined%20registration%20preview%20with%20users%20enabled%20for%20SSPR%3C%2FLI%3E%3CLI%3EFIDO2%20security%20key%20preview%20requires%20compatible%20FIDO2%20security%20keys%3C%2FLI%3E%3CLI%3EWebAuthN%20requires%20Microsoft%20Edge%20on%20Windows%2010%20version%201809%20or%20higher%3C%2FLI%3E%3CLI%3EFIDO2%20based%20Windows%20sign%20in%20requires%20Azure%20AD%20joined%20Windows%2010%20version%201809%20or%20higher%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%20scroll%20down%20to%20list%20of%20supported%20FIDO2%20keys.%20NO%2C%20not%20U2F%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fconcept-authentication-passwordless%23fido2-security-keys%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fconcept-authentication-passwordless%23fido2-security-keys%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%20don't%20forget%20to%20enable%20the%20preview%20combined%20registration%20page%20support%20(which%20is%20also%20as%20of%20today%20still%20in%20preview)%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-registration-mfa-sspr-combined%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-registration-mfa-sspr-combined%3C%2FA%3E%3C%2FP%3E%3CP%3ESide-implication%2C%20you%20must%20be%20willing%20to%20have%20self%20service%20password%20reset%20enabled%20on%20the%20tenant%2C%20and%20then%20enable%20the%20preview.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20this%20working%20with%20a%20K27%20from%20Feitian%20but%20I%20had%20to%20first%20wait%20for%20the%20preview%20combine%20registration%20process%20to%20show%20up%20for%20users.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENote%3A%20I%20do%20not%20know%20if%2C%20even%20in%20a%20cloud%20only%20AzureAD%2C%20if%20you%20use%20self-hosted%20Microsoft%20MFA%20server%20if%20this%20is%20supposed%20to%20work%20yet.%20I%20would%20think%20that%20wouldn't%20occur%20until%20Hybrid%20support%20is%20available.%20So%20for%20those%20of%20you%20who%20have%20had%20MFA%20since%20BPOS%20days%20you%20might%20have%20some%20oddities.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20hoping%20to%20test%20some%20other%20keys%20in%20the%20next%20month%20or%20so%20(the%20eWBM%20fingerprint%20keys%20and%20the%20feitian%20k33%20multikey%20are%20what%20I%20am%20hoping%20to%20get%20next).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESecurity%20Questions%3A%3C%2FP%3E%3CUL%3E%3CLI%3EAnyone%20in%20the%20red-team%20security%20side%20see%20about%20extracting%20fingerprint%20data%20from%20a%20key%20-%20either%20when%20inserted%20into%20compromised%20device%20or%20if%20user%20%22lost%22%20it.%3C%2FLI%3E%3CLI%3EAnd%20can%20Windows%20Security%20and%2For%20Windows%20Defender%20ATP%20detect%20and%20alert%20on%20the%20insertion%20of%20a%20broken%2Fcompromised%20FIDO2%20key.%3CBR%20%2F%3EI.e.%20does%20inserting%20the%20wrong%20FIDO2%20key%20count%20as%20a%20bad%20password%20attempt%3F%26nbsp%3B%3C%2FLI%3E%3C%2FUL%3E%3CP%3EPreview%20Feature%20I%20am%20hoping%20comes%20next%20(%3CU%3E%3CSTRONG%3Eeven%20before%20Hybrid%3C%2FSTRONG%3E%3C%2FU%3E%3A(%3C%2Fimg%3E%3C%2FP%3E%3CUL%3E%3CLI%3EHandling%20scenario%20where%20user%20reports%20a%20security%20key%20is%20lost.%3C%2FLI%3E%3C%2FUL%3E%3CP%3E-Neil%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-894461%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-894461%22%20slang%3D%22en-US%22%3E%3CP%3EWorks%20perfectly%20for%20Azure%20AD%20Joined%20devices%20in%20my%20test%20environment.%20Any%20ETA%20for%20when%20this%20will%20be%20available%20to%20preview%20for%20%3CU%3EHybrid%3C%2FU%3E%20Azure%20AD%20Joined%20devices%20and%20will%20it%20be%20integrated%20with%20Windows%20Hello%20for%20Business%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20Adam%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-897088%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-897088%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20FIDO2%20method%20sounds%20very%20much%20like%20%22chip%20and%20PIN%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20western%20Europe%2C%20when%20we%20pay%20in%20shops%20using%20credit%20or%20debit%20cards%2C%20we%20use%20%22chip%20and%20PIN%22%3B%20insert%20your%20credit%20or%20debit%20card%20into%20the%20reader%2C%20then%20enter%20your%204%20digit%20PIN.%26nbsp%3B%20This%20is%20two%20factor%20authentication%20for%20payments%20%5Bsomething%20you%20have%20(chip)%20and%20something%20you%20know%20(PIN)%5D.%26nbsp%3B%20In%20the%20UK%20at%20least%2C%20everyone%20understands%20what%20%22chip%20and%20PIN%22%20means.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20I%20have%20understood%20this%20correctly%2C%20and%20FIDO2%20method%20is%20indeed%20%22chip%20and%20PIN%22%2C%20then%20you%20could%20consider%20calling%20it%20%22chip%20and%20PIN%22.%26nbsp%3B%20This%20would%20*INSTANTLY*%20make%20sense%20to%20everyone%20in%20the%20UK%20-%20no%20further%20explanation%20required!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%5BI%20understand%20the%20US%20doesn't%20generally%20use%20%22chip%20and%20PIN%22%3B%20that's%20fine%2C%20leave%20the%20full%20explanation%20in%20there%20too%5D.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-904404%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-904404%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F31161%22%20target%3D%22_blank%22%3E%40Steve%20Hernou%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F383855%22%20target%3D%22_blank%22%3E%40n0creativity%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F153423%22%20target%3D%22_blank%22%3E%40Rob%20Hardman%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhen%20you%20added%20yourself%20to%20passwordless%20authN%20methods%20in%20Azure%2C%20check%20to%20make%20sure%20it%20wasn't%20done%20via%20a%20distribution%20group.%20That%20will%20produce%20the%20something%20went%20wrong%20error.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-904794%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-904794%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F311133%22%20target%3D%22_blank%22%3E%40Ash_677-1%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20the%20tip.%20I%20will%20keep%20this%20in%20mind.%20Is%20this%20a%20known%20bug%20the%20product%20group%20is%20working%20on%3F%20It%20does%20not%20seem%20to%20affect%20the%20authenticator%20app%20passwordless%20option%20because%20that%20is%20scoped%20to%20a%20group%20on%20my%20tenant%20as%20well%20and%20that%20works%20like%20a%20charm.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F383855%22%20target%3D%22_blank%22%3E%40n0creativity%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F153423%22%20target%3D%22_blank%22%3E%40Rob%20Hardman%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F27877%22%20target%3D%22_blank%22%3E%40Steve%20Whitcher%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFinally%20took%20the%20time%20to%20dig%20a%20bit%20deeper%20on%20the%20inability%20to%20register%20my%20Yubi5%20key%20and%20contacted%20MS%20support.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20appears%20the%20reason%20I%20cannot%20even%20register%20the%20key%20on%20my%20tenant%20is%20because%20I%20am%20using%20a%20hybrid%20AD%20joined%20device%20to%20do%20the%20action%20from.%3C%2FP%3E%3CP%3EThat's%20also%20the%20reason%20why%20I%20was%20able%20to%20successfully%20register%20the%20key%20on%20my%20test%20O365%20tenant%20where%20my%20device%20is%20not%20hybrid%20joined%20to.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20spare%20device%20that's%20pure%20Azure%20AD%20joined%20so%20I%20am%20going%20to%20try%20and%20register%20the%20key%20from%20that%20device.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-904858%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-904858%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F31161%22%20target%3D%22_blank%22%3E%40Steve%20Hernou%3C%2FA%3E%26nbsp%3BThat%E2%80%99s%20interesting.%20Unfortunately%20I%20have%20been%20trying%20it%20from%20a%20pure%20AADJoined%20device%20so%20don%E2%80%99t%20think%20it%20applies%20in%20my%20case.%20I%20might%20open%20my%20own%20support%20case%20to%20get%20some%20specific%20logs%2Ftelemetry%20to%20the%20product%20team.%20Thanks%20anyway%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-904866%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-904866%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F311133%22%20target%3D%22_blank%22%3E%40Ash_677-1%3C%2FA%3ENow%20your%20tip%20may%20indeed%20be%20the%20root%20cause%20for%20me.%20I%20chose%20an%20O365%20group%20(security%20groups%20weren%E2%80%99t%20a%20specified%20requirement%20on%20the%20product%20info%20page%20at%20the%20time%2C%20if%20my%20memory%20serves%E2%80%A6)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20will%20retry%20with%20a%20dedicated%20AAD%20security%20group.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-909072%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-909072%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F153423%22%20target%3D%22_blank%22%3E%40Rob%20Hardman%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F31161%22%20target%3D%22_blank%22%3E%40Steve%20Hernou%3C%2FA%3E%26nbsp%3B%20I%20don't%20know%20if%20the%20product%20group%20is%20working%20on%20it%2C%20it%20doesn't%20affect%20the%20authenticator%20app.%20Also%2C%20for%20what%20its%20worth%2C%20the%20Azure%20audit%20log%20will%20list%20an%20error%20for%20UnknownFutureValue%20when%20I%20found%20the%20correlation%20ID.%20Process%20of%20elimination%20to%20figure%20out%20it%20was%20a%20dist%20group%20issue.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-912439%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-912439%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F311133%22%20target%3D%22_blank%22%3E%40Ash_677-1%3C%2FA%3E%26nbsp%3Busing%20a%20dedicated%20security%20group%20fixed%20the%20issue%20for%20me.%20Curiously%2C%20enabling%20FIDO2%20in%20AAD%20with%20the%20%22all%20users%22%20option%20didn't%20-%20it%20had%20to%20be%20%22selected%20users%22%20with%20the%20dedicated%20security%20group%20to%20get%20it%20all%20working.%20Thanks%20for%20your%20assistance.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-914224%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-914224%22%20slang%3D%22en-US%22%3EAsh_677-1%20-%20Thanks!%20That%20fixed%20it%20for%20me.%20After%20changing%20it%20and%20explicitly%20listing%20the%20users%20(it's%20only%203%20of%20us)%2C%20we%20are%20able%20to%20add%20our%20keys.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-916596%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-916596%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F383855%22%20target%3D%22_blank%22%3E%40n0creativity%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F153423%22%20target%3D%22_blank%22%3E%40Rob%20Hardman%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F27877%22%20target%3D%22_blank%22%3E%40Steve%20Whitcher%3C%2FA%3E%26nbsp%3B%20ok%20big%20update.%20Seems%20like%20our%20MS%20Support%20Engineer%20was%20wrong%20in%20his%20assessment%20that%20you%20cannot%20register%20FIDO2%20keys%20from%20a%20hybrid%20joined%20device.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETo%20test%20the%20reply%20from%20MS%20I%20took%20an%20Azure%20AD%20joined%20device%20and%20attempted%20to%20register%20my%20Yubico%20key.%20Once%20I%20got%20to%20the%20end%20to%20name%20and%20save%20the%20key%2C%20I%20was%20again%20prompted%20with%20an%20error%20but%20this%20time%20one%20that%20actually%20provided%20info%20instead%20of%20'We're%20sorry%2C%20we%20ran%20into%20a%20problem.'.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20error%20stated%20the%20key%20type%20I%20am%20trying%20to%20register%20is%20not%20allowed%20by%20my%20administrator.%20So%20I%20went%20and%20checked%20my%20FIDO2%20auth%20settings%20since%20I%20remember%20limiting%20the%20allowed%20key%20type%20to%20the%20one%20Yubico%20type%20I%20have.%20It%20seems%20I%20had%20forgot%20(or%20missed)%20to%20put%20the%20slider%20on%20Allow%20key%20types%20instead%20of%20Block%20key%20types%20so%20I%20was%20allowing%20all%20key%20types%20except%20the%20one%20I%20had.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOnce%20I%20corrected%20my%20mistake%20I%20was%20able%20to%20register%20the%20FIDO2%20key%20from%20my%20hybrid%20joined%20device%20without%20issue.%26nbsp%3B%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E*feeling%20very%20dumb%20right%20now*%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-986171%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-986171%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1.%20Will%20this%20work%20with%20Mobile%20Phone%20Clients%3A%3C%2FP%3E%3CP%3EReact%20%2F%20JS%20Single%20Page%20Application%20Apps%20on%20Android%20and%20Apple%20devices%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2.%20If%20we%20have%20multple%20users%20using%20the%20SAME%20mobile%20phone%20e.g.%20BOB%26nbsp%3B%20uses%20phone%20during%20day%20and%20Peter%20uses%20the%20same%20phone%20at%20night%2C%20can%20they%20both%20log%20into%20the%20react%20spa%20apps%20with%20their%20own%20NFC%20devices%20and%20authentication%20with%20the%20AAD%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E3.%20Will%20SSO%20work%20between%20our%203%20react%20JS%20SPA%20apps%20on%20the%20same%20mobile%20phone%2C%20they%20all%20configured%20with%20AAD%20login%20using%20MS%20Identity%202.0%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E

Howdy folks,

 

I’m thrilled to let you know that you can now go passwordless with the public preview of FIDO2 security keys support in Azure Active Directory (Azure AD)! Many teams across Microsoft have been involved in this effort, and we’re proud to deliver on our vision of making FIDO2 technologies a reality to provide you with seamless, secure, and passwordless access to all your Azure AD-connected apps and services.

 

In addition, we turned on a new set of admin capabilities in the Azure AD portal that enable you to manage authentication factors for users and groups in your organization. In this first release, you can use them to manage a staged rollout of passwordless authentication using FIDO2 security keys and/or the Microsoft Authenticator application. Going forward you’ll see us add the ability to manage all our traditional authentication factors (Multi-Factor Authentication (MFA), OATH Tokens, phone number sign in, etc.). Our goal is to enable you to use this one tool to manage all your authentication factors.

 

Why do we feel so strongly about passwordless?

Every day, more and more of our customers move to cloud services and applications. They need to know that the data and services stored in these services are secure. Unfortunately, passwords are no longer an effective security mechanism. We know from industry analysts that 81 percent of successful cyberattacks begin with a compromised username and password. Additionally, traditional MFA, while very effective, can be hard to use and has a very low adoption rate.

 

It’s clear we need to provide our customers with authentication options that are secure and easy to use, so they can confidently access information without having to worry about hackers taking over their accounts.

 

This is where passwordless authentication comes in. We believe it will help to significantly and permanently reduce the risk of account compromise.

 

Passwordless sign in flow 2.png

 

 

Now, all Azure AD users can sign in password-free using a FIDO2 security key, the Microsoft Authenticator app, or Windows Hello. These strong authentication factors are based off the same world class, public key/private key encryption standards and protocols, which are protected by a biometric factor (fingerprint or facial recognition) or a PIN. Users apply the biometric factor or PIN to unlock the private key stored securely on the device. The key is then used to prove who the user and the device are to the service. 

 

Public preview of Azure AD support for FIDO2 based passwordless 2.jpg

 

Check out this video where Joy Chik, corporate vice president of Identity, and I talk more about this new standard for signing in. To learn more about why this should be a priority for you and your organization, read our whitepaper.

 

Let’s get you started!

To help you get started on your own passwordless journey, this week we’re rolling out a bonanza of public preview capabilities. These new features include:

  • A new Authentication methods blade in your Azure AD admin portal that allows you to assign passwordless credentials using FIDO2 security keys and passwordless sign-in with Microsoft Authenticator to users and groups.

Public preview of Azure AD support for FIDO2 based passwordless 3.png

 

Public preview of Azure AD support for FIDO2 based passwordless 4.png

 

Public preview of Azure AD support for FIDO2 based passwordless 5.png

 

FIDO2 hardware

Microsoft has teamed up with leading hardware partners, Feitian Technologies, HID Global, and Yubico, to make sure we have a range of FIDO2 form factors available at launch, including keys connecting via USB and NFC protocols. Sue Bohn has more details on those partnerships.

 

Please be sure to verify that any FIDO2 security keys you’re considering for your organization meet the additional options required to be compatible with Microsoft’s implementation.

 

passwordless.jpg

Our passwordless strategy

Our passwordless strategy is a four-step approach where we deploy replacement offerings, reduce the password surface area, transition to passwordless deployment, and finally eliminate passwords:

 

Public preview of Azure AD support for FIDO2 based passwordless 8.png

 

Today’s product launches are an important milestone for getting to passwordless. In addition, the engineering work we did to provide authentication methods management for administrators and user registration and management, will allow us to move even faster to improve credentials management experiences, as well as bring new capabilities and credentials online more simply. We’re working with our Windows security engineering team to make FIDO2 authentication work for hybrid-joined devices.

 

Of course, we look forward to feedback from you across all of these features, to help us improve before we make them generally available.

 

Regards,

 Alex (Twitter: @Alex_A_Simons)

 Corporate VP of Program Management

 Microsoft Identity Division

 

Additional links

 

54 Comments
Occasional Contributor

@Ash_677-1 using a dedicated security group fixed the issue for me. Curiously, enabling FIDO2 in AAD with the "all users" option didn't - it had to be "selected users" with the dedicated security group to get it all working. Thanks for your assistance.

Regular Visitor
Ash_677-1 - Thanks! That fixed it for me. After changing it and explicitly listing the users (it's only 3 of us), we are able to add our keys.
Contributor

@n0creativity @Rob Hardman @Steve Whitcher  ok big update. Seems like our MS Support Engineer was wrong in his assessment that you cannot register FIDO2 keys from a hybrid joined device.

 

To test the reply from MS I took an Azure AD joined device and attempted to register my Yubico key. Once I got to the end to name and save the key, I was again prompted with an error but this time one that actually provided info instead of 'We're sorry, we ran into a problem.'.

 

The error stated the key type I am trying to register is not allowed by my administrator. So I went and checked my FIDO2 auth settings since I remember limiting the allowed key type to the one Yubico type I have. It seems I had forgot (or missed) to put the slider on Allow key types instead of Block key types so I was allowing all key types except the one I had.

 

Once I corrected my mistake I was able to register the FIDO2 key from my hybrid joined device without issue. 


*feeling very dumb right now* :)

Occasional Visitor

Hi,

 

1. Will this work with Mobile Phone Clients:

React / JS Single Page Application Apps on Android and Apple devices?

 

2. If we have multple users using the SAME mobile phone e.g. BOB  uses phone during day and Peter uses the same phone at night, can they both log into the react spa apps with their own NFC devices and authentication with the AAD?

 

3. Will SSO work between our 3 react JS SPA apps on the same mobile phone, they all configured with AAD login using MS Identity 2.0?