Home
%3CLINGO-SUB%20id%3D%22lingo-sub-748555%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-748555%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20stuck%20on%20this%20step%3A%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%23enable-new-passwordless-authentication-methods%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%23enable-new-passwordless-authentication-methods%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20not%20seeing%20any%20methods%20to%20enable.%26nbsp%3B%20Any%20help%20would%20be%20appreciated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-748651%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-748651%22%20slang%3D%22en-US%22%3E%3CP%3ESimilar%20to%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F24004%22%20target%3D%22_blank%22%3E%40chad%20Snelson%3C%2FA%3E%26nbsp%3BI%20Enable%20yes%2C%20and%20then%20select%20my%20user%20account%20as%20a%20target%20and%20hit%20save.%26nbsp%3B%20When%20I%20reload%20the%20page%20any%20changes%20I%20made%20go%20away.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-748677%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-748677%22%20slang%3D%22en-US%22%3EDoes%20this%20require%20Azure%20AD%20Premium%20licenses%20to%20work%20or%20can%20it%20also%20be%20used%20with%20Office%20365%20with%20Azure%20AD%20free%20tier%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-748865%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-748865%22%20slang%3D%22en-US%22%3Ei%20can't%20get%20past%20this%20step%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%23enable-new-passwordless-authentication-methods%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%23enable-new-passwordless-authentication-methods%3C%2FA%3EOnly%20password%20authentication%20is%20available%3A%20%3CA%20href%3D%22https%3A%2F%2Fibb.co%2FC1n3QvL%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fibb.co%2FC1n3QvL%3C%2FA%3EUser%20feature%20previews%20is%20enabled%3A%20%3CA%20href%3D%22https%3A%2F%2Fibb.co%2FLQRWy4k%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fibb.co%2FLQRWy4k%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-749065%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-749065%22%20slang%3D%22en-US%22%3EHi%20all.%20Same%20issue%20here.%20Enabled%20user-%20selected%20save%20-%20then%2C%20nothing%20happens.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-749113%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-749113%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20beyond%20thrilled%20to%20see%20that%20this%20is%20finally%20to%20the%20public%20preview%20stage...%20and%20almost%20equally%20disappointed%20that%20yet%20again%20this%20awesome%20new%20feature%20doesn't%20support%20Hybrid%20AAD%20Joined%20devices.%26nbsp%3B%20%3A(%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20that%20said%2C%20I'm%20willing%20to%20test%20on%20AAD%20Joined%20devices%20(not%20hybrid)%2C%20but%20I'm%20stuck%20at%20the%20same%20point%20as%20others.%26nbsp%3B%20Under%20the%20section%20%22Enable%20new%20passwordless%20authentication%20methods%22%2C%20it%20says%20to%20choose%20certain%20options%20under%20each%20method.%26nbsp%3B%20However%2C%20the%20list%20of%20methods%20on%20this%20screen%20is%20empty%2C%20just%20showing%20%22No%20results%22.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPerhaps%20these%20methods%20are%20still%20being%20rolled%20out%2C%20or%20some%20of%20the%20earlier%20steps%20required%20to%20enable%20this%20take%20time%20to%20propagate%20before%20the%20methods%20appear%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-749297%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-749297%22%20slang%3D%22en-US%22%3E%3CP%3EI'll%20join%20as%20well%2C%20facing%20the%20same%20issue%20as%20most%20people%20who%20have%20posted.%20All%20the%20pre-reqs%20are%20there%2C%20then%20you%20enable%20it%20for%20a%20group%20of%20users%2C%20hit%20Save%20and%20nothing%20happens%20and%20your%20saved%20settings%20are%20gone.%20%3A-(%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-749852%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-749852%22%20slang%3D%22en-US%22%3E%3CP%3ENow%20it%20works%20with%20the%20phone%20signin%20%3A).%20But%20i'm%20missing%20the%20%3A%20%22Sign%20in%20with%20security%20key%22%20option%20on%20the%20portal.office.com%20page%3F%3C%2FP%3E%3CP%3EI%20may%20come%20overnight%20i%20guess%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-749861%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-749861%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20of%20this%20morning%2C%20I%20now%20have%20%22Fido2%20Security%20Key%22%20and%20%22Microsoft%20Authenticator%20passwordless%20sign-in%22%20under%20methods%2C%20and%20I've%20enabled%20both.%26nbsp%3B%20Unfortunately%2C%20when%20I%20try%20to%20set%20up%20my%20Yubikey%205%20NFC%20security%20key%2C%20I%20get%20a%20message%20that%20%22This%20security%20key%20can't%20be%20used.%26nbsp%3B%20Please%20try%20a%20different%20one.%22%26nbsp%3B%20Yubico%20is%20listed%20as%20one%20of%20the%20supported%20vendors%2C%20and%20this%20model%20of%20key%20is%20the%20one%20that%20they%20recommend%20for%20passwordless%20AzureAD%20use%2C%20so%20I'm%20not%20sure%20what%20the%20issue%20is.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20%3CEM%3Eam%3C%2FEM%3Etrying%20to%20set%20it%20up%20on%20a%20Hybrid%20AAD%20Joined%20computer%2C%20but%20if%20I%20understand%20correctly%20I%20should%20be%20able%20to%20set%20it%20up%20and%20use%20it%20for%20web%20based%20authentication%2C%20it%20is%20just%20not%20supported%20for%20use%20at%20the%20windows%20lock%20scren.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-750018%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750018%22%20slang%3D%22en-US%22%3E%3CP%3EI%20receive%20a%20message%20when%20going%20to%20myprofile.microsoft.com%3A%26nbsp%3B%3C%2FP%3E%3CDIV%3E%3CDIV%20class%3D%22ms-Fabric%20_2lVrYyr1x2VaN-2g40D4hH%20root-47%22%3E%3CDIV%3E%3CDIV%20class%3D%22ms-MessageBar%20ms-MessageBar--warning%20ms-MessageBar-multiline%20_3QutgDTIFO_9Z0lTpYxiIo%20root-54%22%3E%3CDIV%20class%3D%22ms-MessageBar-content%20content-55%22%3E%3CDIV%20class%3D%22ms-MessageBar-text%20text-58%22%3E%3CSPAN%20class%3D%22ms-MessageBar-innerText%20innerText-59%22%3E%3CSPAN%3EOops%2C%20seems%20like%20the%20organization%20you%20tried%20signing%20into%20hasn't%20activated%20the%20new%20profile%20experience%20at%20this%20time.%20Please%20contact%20your%20admin%20for%20more%20information.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%20class%3D%22ms-MessageBar-text%20text-58%22%3E%3CSPAN%20class%3D%22ms-MessageBar-innerText%20innerText-59%22%3EI've%20used%20Chrome%20and%20Internet%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%20class%3D%22ms-MessageBar-text%20text-58%22%3E%3CSPAN%20class%3D%22ms-MessageBar-innerText%20innerText-59%22%3EThe%20feature%20regarding%20Phone%20sign-in%20works%20well%20for%20me%20%3A)%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-750019%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750019%22%20slang%3D%22en-US%22%3E%3CP%3EWill%20this%20allow%20applications%20to%20offer%20passwordless%20sign%20on%20that%20are%20using%20Azure%20AD%20as%20an%20identity%20provider%20via%20SAML%202.0%20or%20OpenID%20Connect%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-750035%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750035%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F254454%22%20target%3D%22_blank%22%3E%40AnthonyClark_316%3C%2FA%3E%26nbsp%3B%20I%20think%20so%20authentication%20with%20integrated%20applications%20goes%20through%20the%20Microsoft%20log-in%20page.%20We've%20setted%20up%20SSO%20with%20SAP%20ByDesign%20if%20a%20user%20connects%20through%20the%20SAP%20ByDesign%20URL%20in%20a%20private%20browser%20it%20redirects%20to%20the%20Microsoft%20log-in%20page%20where%20you%20need%20to%20enter%20the%20corporate%20credentials%20of%20you're%20Azure%20AD%20account%20or%20AD%20account%20if%20you're%20using%20a%20Hybrid%20Scenario%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-750115%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750115%22%20slang%3D%22en-US%22%3E%3CP%3EI%20also%20had%20to%20wait%20a%20few%20minutes%20(like%2030)%20before%20the%20auth-methods%20appeared%20in%20my%20tenant.%20Anyway%20all%20is%20working%20now%20and%20-if%20you%20are%20interested-%20I%20have%20written%20a%20blog-post%20about%20it%3A%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Femptydc.com%2F2019%2F07%2F11%2Fpasswords-with-or-without-you%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Femptydc.com%2F2019%2F07%2F11%2Fpasswords-with-or-without-you%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%2CJan%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-750161%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750161%22%20slang%3D%22en-US%22%3EThis%20morning%20i%20could%20finish%20the%20steps%20and%20my%20yubikey%20is%20working.%20Thanks%20guys%20for%20the%20help.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-750282%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750282%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20passwordless%20login%20to%20windows%20also%20supported%20using%20the%20Authenticator%20app%2C%20or%20just%20the%20security%20key%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20enabled%20both%20credentials%2C%20and%20my%20credential%20in%20the%20authenticator%20app%20is%20enabled%20for%20phone%20sign-in%2C%20but%20I'm%20not%20seeing%20any%20way%20to%20initiate%20a%20phone%20sign-in%20at%20the%20windows%20lock%20screen.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-750936%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750936%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F27877%22%20target%3D%22_blank%22%3E%40Steve%20Whitcher%3C%2FA%3E%2C%20I%20think%20the%20Windows%20login%20is%20(atm)%20only%20supported%20on%20pure%20Azure%20AD%20joined%20machines%2C%20not%20hybrid%20joined%20devices.%20(I%20am%20assuming%20you're%20trying%20this%20from%20a%20Hybrid%20AAD%20joined%20device%20based%20on%20your%20previous%20post%20%3A)%20).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-750952%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-750952%22%20slang%3D%22en-US%22%3E%3CP%3EMusings%20after%20first%205%20minute%20test%20with%20the%20Authenticator%20app%20option.%20Both%20Edge%20and%20Chrome%20prompt%20me%20for%20the%20app%20sign%20in%20the%20first%20time.%3C%2FP%3E%3CP%3EI%20choose%20to%20not%20keep%20me%20signed%20in%20and%20subsequently%20perform%20a%20correct%20logout%20of%20my%20session.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20then%20choosing%20to%20sign%20in%20again%20from%20the%20office.com%20page%2C%20I%20get%20prompted%20for%20my%20password%20and%20not%20the%20app%20sign%20in%20%3A-(%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20I%20close%20the%20browser%20and%20re-open%20and%20go%20back%20to%20office.com%20to%20sign%20in%2C%20I%20get%20the%20app%20sign-in%20again.%20I%20don't%20know%20about%20the%20rest%20of%20you%20but%20I%20find%20that%20weird%20and%20not%20a%20very%20nice%20or%20consistent%20experience.%3C%2FP%3E%3CP%3EI%20might%20be%20doing%20something%20wrong%20but%20if%20I%20am%2C%20I%20don't%20know%20what%20it%20is%20%3A)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EP.S.%20is%20there%20a%20way%20to%20remove%20the%20'sign%20in%20with%20a%20password%20instead'%20option%20so%20only%20app%20is%20possible%20and%20if%20so%2C%20which%20are%20'backup%20methods'%20in%20case%20you%20forgot%20your%20phone%20at%20home%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-751402%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-751402%22%20slang%3D%22en-US%22%3E%3CP%3EStill%20waiting%20for%20the%20authentication%20methods%20to%20show%20up%20in%20our%20subscriptions.%20Been%20waiting%20for%20more%20than%2024%20hours%20now%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-751490%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-751490%22%20slang%3D%22en-US%22%3E%3CP%3EI%20contact%20Office%20365%20tech%20support%20for%20issue%20enabled%20%22Authentication%20method%20policy%20(Preview)%22%20but%20not%20show%20the%20new%20authentication%20methods%20appeared%20in%20my%20Office%20365%20tenant.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBelow%20is%20tech%20support%20suggest%20me%20to%20use%20powershell%20for%20enable%20passwordless%20authentication%20method%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3ESearch%20%26nbsp%3Bwindows%20powershell%20%26nbsp%3Bin%20your%20computer%20%2Cright%20click%20powershell%20and%20choose%20run%20as%20an%20administrator%3C%2FLI%3E%3CLI%3ETo%20confirm%20whether%20you%20have%20this%20version%20installed%20%2Crun%20%3A%20Get-Module%20-Name%20AzureAD%20-ListAvailable%20%26nbsp%3B%3C%2FLI%3E%3CLI%3EIf%20you%20currently%20have%20the%20Azure%20AD%20PowerShell%20module%20installed%20and%20it%E2%80%99s%20not%20%3CSTRONG%3Eat%20least%3C%2FSTRONG%3Eversion%202.0.2.5%2C%20you%E2%80%99ll%20need%20to%20uninstall%20it.%20To%20do%20this%2C%20run%3A%3CBR%20%2F%3E%3CBR%20%2F%3EUninstall-Module%20-Name%20AzureAd%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%3CLI%3EIf%20you%20don%E2%80%99t%20have%20the%20Azure%20AD%20PowerShell%20module%20installed%2C%20or%20you%E2%80%99ve%20just%20uninstalled%20it%2C%20you%E2%80%99ll%20need%20to%20install%20it%20by%20running%3A%3CBR%20%2F%3E%3CBR%20%2F%3EInstall-Module%20-Name%20AzureADPreview%3C%2FLI%3E%3CLI%3EEnabling%20Passwordless%20Authentication%20for%20a%20single%20Office%20365%20tenant%2C%20run%3A%3CBR%20%2F%3E%3CBR%20%2F%3EConnect-AzureAD%3CBR%20%2F%3E%3CBR%20%2F%3ENew-AzureADPolicy%20-Type%20AuthenticatorAppSignInPolicy%20-Definition%20'%7B%22AuthenticatorAppSignInPolicy%22%3A%7B%22Enabled%22%3Atrue%7D%7D'%20-isOrganizationDefault%20%24true%20-DisplayName%20AuthenticatorAppSignIn%3C%2FLI%3E%3C%2FOL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-751717%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-751717%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3Eadding%20the%20security%20key%20works%20fine.%20Windows%2010%20Sign-in%20as%20well.%3C%2FP%3E%3CP%3EHowever%2C%20I%20can't%20seem%20to%20get%20any%20browser%20to%20use%20the%20key%20for%20any%20sign-in%20to%20corporate%20resources%20(personal%20Microsoft%20Accounts%20work).%3C%2FP%3E%3CP%3EFirefox%20prompts%20%22This%20security%20key%20doesn't%20look%20familiar.%22%20and%20Edge%20(up-to-date)%20doesn't%20even%20give%20me%20the%20option%20use%20a%20security%20key%20as%20sign-in%20option.%3C%2FP%3E%3CP%3EDoes%20anybody%20else%20have%20these%20issues%3F%3C%2FP%3E%3CP%3Ebtw%3A%20I%20am%20using%20a%20Feitian%20BioPass%20key.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3EChris%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-751919%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-751919%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F289321%22%20target%3D%22_blank%22%3E%40ChristianMueller%3C%2FA%3E%26nbsp%3BWe%20have%20the%20exact%20same%20issue.%20We%20are%20able%20to%20login%20to%20Windows%20with%20the%20security%20key%2C%20however%20logging%20into%20Azure%20Portal%20or%20the%20Office%20365%20portal%20in%20Firefox%20we%20get%20prompted%20%22%3CSPAN%3EThis%20security%20key%20doesn't%20look%20familiar%22%20and%20in%20Edge%20there%20is%20no%20option%20at%20all%20to%20login%20with%20a%20security%20key.%26nbsp%3B%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EWe%20are%20using%20Yubikey%205%20NFC%20keys%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-752294%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-752294%22%20slang%3D%22en-US%22%3E%3CP%3Ecan%20someone%20tell%20me%20how%20to%20get%20the%20login%20page%20on%20Azure%20or%20Office%20which%20support%20security%20key%20%3F%20on%20portal.azure.com%20nothing%20to%20select%20a%20security%20key...%3C%2FP%3E%3CP%3Ethank%20you%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-752595%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-752595%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F375441%22%20target%3D%22_blank%22%3E%40crapitouille%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20Firefox%20browse%20to%20portal.azure.com%20or%20portal.office355.com%20or%20login.microsoftonline.com%20you%20need%20to%20ensure%20you%20are%20signed%20out%20and%20then%20click%20%22Sign-in%20Options%22%20at%20the%20bottom%2C%20then%20%22Sign%20in%20with%20Windows%20Hello%20or%20a%20security%20key%22.%20It%20will%20prompt%20you%20to%20insert%20your%20security%20key%20into%20the%20USB%20port%20or%20Tap%20on%20the%20NFC%2C%20then%20when%20you%20do%20that%20it%20will%20say%20something%20along%20the%20lines%20of%20%22The%20security%20key%20doesn't%20look%20familiar%2C%20please%20try%20another%20one.%20In%20Edge%20we%20are%20not%20prompted%20with%20any%20other%20additional%20sign-in%20options%20other%20than%20sign-in%20with%20GitHub.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWindows%20Hello%20sign-ins%20for%20Windows%20Logon%20is%20working%20flawlessly%2C%20unfortunately%20portal%20logins%20are%20not.%20Its%20in%20preview%20though%2C%20so%20probably%20expected%20not%20to%20work%20%3A)%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-749168%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-749168%22%20slang%3D%22en-US%22%3E%3CP%3EFolks%2C%20if%20some%20of%20you%20are%20still%20unable%20to%20access%20these%20features%20please%20email%20your%20tenant%20ID%20to%20swkrish%20AT%20microsoft%20DOT%20com%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPS%3A%26nbsp%3B%3CSPAN%3EOur%20apologies%2C%20deployments%20are%20taking%20longer%20than%20intended%2C%20we%20expect%20all%20customers%20should%20have%20all%20the%20functionalities%20working%20no%20later%20than%20Fri%20evening%2C%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3BPacific%20time%20zone.%20Thanks%20for%20your%20interest.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-746362%22%20slang%3D%22en-US%22%3EAnnouncing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-746362%22%20slang%3D%22en-US%22%3E%3CP%3EHowdy%20folks%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%E2%80%99m%20thrilled%20to%20let%20you%20know%20that%20you%20can%20now%20go%20passwordless%20with%20the%20public%20preview%20of%20FIDO2%20security%20keys%20support%20in%20Azure%20Active%20Directory%20(Azure%20AD)!%20Many%20teams%20across%20Microsoft%20have%20been%20involved%20in%20this%20effort%2C%20and%20we%E2%80%99re%20proud%20to%20deliver%20on%20our%20vision%20of%20making%20FIDO2%20technologies%20a%20reality%20to%20provide%20you%20with%20seamless%2C%20secure%2C%20and%20%3CSTRONG%3Epasswordless%20%3C%2FSTRONG%3Eaccess%20to%20all%20your%20Azure%20AD-connected%20apps%20and%20services.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20addition%2C%20we%20turned%20on%20a%20new%20set%20of%20admin%20capabilities%20in%20the%20Azure%20AD%20portal%20that%20enable%20you%20to%20manage%20authentication%20factors%20for%20users%20and%20groups%20in%20your%20organization.%20In%20this%20first%20release%2C%20you%20can%20use%20them%20to%20manage%20a%20staged%20rollout%20of%20passwordless%20authentication%20using%20FIDO2%20security%20keys%20and%2For%20the%20Microsoft%20Authenticator%20application.%20Going%20forward%20you%E2%80%99ll%20see%20us%20add%20the%20ability%20to%20manage%20all%20our%20traditional%20authentication%20factors%20(Multi-Factor%20Authentication%20(MFA)%2C%20OATH%20Tokens%2C%20phone%20number%20sign%20in%2C%20etc.).%20Our%20goal%20is%20to%20enable%20you%20to%20use%20this%20one%20tool%20to%20manage%20all%20your%20authentication%20factors.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%20id%3D%22toc-hId-1595089304%22%3EWhy%20do%20we%20feel%20so%20strongly%20about%20passwordless%3F%3C%2FH3%3E%0A%3CP%3EEvery%20day%2C%20more%20and%20more%20of%20our%20customers%20move%20to%20cloud%20services%20and%20applications.%20They%20need%20to%20know%20that%20the%20data%20and%20services%20stored%20in%20these%20services%20are%20secure.%20Unfortunately%2C%20passwords%20are%20no%20longer%20an%20effective%20security%20mechanism.%20We%20know%20from%20industry%20analysts%20that%2081%20percent%20of%20successful%20cyberattacks%20begin%20with%20a%20compromised%20username%20and%20password.%20Additionally%2C%20traditional%20MFA%2C%20while%20very%20effective%2C%20can%20be%20hard%20to%20use%20and%20has%20a%20very%20low%20adoption%20rate.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIt%E2%80%99s%20clear%20we%20need%20to%20provide%20our%20customers%20with%20authentication%20options%20that%20are%20secure%20%3CSTRONG%3Eand%3C%2FSTRONG%3Eeasy%20to%20use%2C%20so%20they%20can%20confidently%20access%20information%20without%20having%20to%20worry%20about%20hackers%20taking%20over%20their%20accounts.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20is%20where%20passwordless%20authentication%20comes%20in.%20We%20believe%20it%20will%20help%20to%20significantly%20and%20permanently%20reduce%20the%20risk%20of%20account%20compromise.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F122853i4569536BF0BECC73%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Passwordless%20sign%20in%20flow%202.png%22%20title%3D%22Passwordless%20sign%20in%20flow%202.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENow%2C%20all%20Azure%20AD%20users%20can%20sign%20in%20password-free%20using%20a%20FIDO2%20security%20key%2C%20the%20Microsoft%20Authenticator%20app%2C%20or%20Windows%20Hello.%20These%20strong%20authentication%20factors%20are%20based%20off%20the%20same%20world%20class%2C%20public%20key%2Fprivate%20key%20encryption%20standards%20and%20protocols%2C%20which%20are%20protected%20by%20a%20biometric%20factor%20(fingerprint%20or%20facial%20recognition)%20or%20a%20PIN.%20Users%20apply%20the%20biometric%20factor%20or%20PIN%20to%20unlock%20the%20private%20key%20stored%20securely%20on%20the%20device.%20The%20key%20is%20then%20used%20to%20prove%20who%20the%20user%20and%20the%20device%20are%20to%20the%20service.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20502px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F122792i04310580CE730292%2Fimage-dimensions%2F502x548%3Fv%3D1.0%22%20width%3D%22502%22%20height%3D%22548%22%20alt%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%202.jpg%22%20title%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%202.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fpasswordlessvideo%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ECheck%20out%20this%20video%3C%2FA%3Ewhere%20Joy%20Chik%2C%20corporate%20vice%20president%20of%20Identity%2C%20and%20I%20talk%20more%20about%20this%20new%20standard%20for%20signing%20in.%20To%20learn%20more%20about%20why%20this%20should%20be%20a%20priority%20for%20you%20and%20your%20organization%2C%20read%20our%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fgopasswordless%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ewhitepaper%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%20id%3D%22toc-hId--957067657%22%3ELet%E2%80%99s%20get%20you%20started!%3C%2FH3%3E%0A%3CP%3ETo%20help%20you%20get%20started%20on%20your%20own%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Fauthentication%2Fconcept-authentication-passwordless%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Epasswordless%3C%2FA%3Ejourney%2C%20this%20week%20we%E2%80%99re%20rolling%20out%20a%20bonanza%20of%20public%20preview%20capabilities.%20These%20new%20features%20include%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EA%20new%20Authentication%20methods%20blade%20in%20your%20Azure%20AD%20admin%20portal%20that%20allows%20you%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%23enable-new-passwordless-authentication-methods%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eassign%20passwordless%20credentials%3C%2FA%3Eusing%20FIDO2%20security%20keys%20and%20passwordless%20sign-in%20with%20Microsoft%20Authenticator%20to%20users%20and%20groups.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F122793iE38105F756CBAB73%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%203.png%22%20title%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%203.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EUpdated%20capabilities%20in%20the%20converged%20Registration%20portal%20for%20your%20users%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%23user-registration-and-management-of-fido2-security-keys%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ecreate%20and%20manage%20FIDO2%20security%20keys%3C%2FA%3E.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F122794i1F9A3D4E5DCFBA9B%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%204.png%22%20title%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%204.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EAbility%20to%20use%20FIDO2%20security%20keys%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%23sign-in-with-passwordless-credentials%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eauthenticate%20across%20Azure%20AD-joined%20Windows%2010%20devices%3C%2FA%3Eon%20the%20latest%20versions%20of%20Edge%20and%20Firefox%20browsers.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F122795iF9DC6D56AFE00B70%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%205.png%22%20title%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%205.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%20id%3D%22toc-hId-785742678%22%3EFIDO2%20hardware%3C%2FH3%3E%0A%3CP%3EMicrosoft%20has%20teamed%20up%20with%20leading%20hardware%20partners%2C%20Feitian%20Technologies%2C%20HID%20Global%2C%20and%20Yubico%2C%20to%20make%20sure%20we%20have%20a%20range%20of%20FIDO2%20form%20factors%20available%20at%20launch%2C%20including%20keys%20connecting%20via%20USB%20and%20NFC%20protocols.%20Sue%20Bohn%20has%20more%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Active-Directory-Identity%2FMicrosoft-passwordless-partnership-leads-to-innovation-and-great%2Fba-p%2F566493%22%20target%3D%22_self%22%3E%3CSPAN%3Edetails%20on%20those%20partnerships%3C%2FSPAN%3E%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPlease%20be%20sure%20to%20verify%20that%20any%20FIDO2%20security%20keys%20you%E2%80%99re%20considering%20for%20your%20organization%20meet%20the%20additional%20options%20required%20to%20be%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fidentity-protection%2Fhello-for-business%2Fmicrosoft-compatible-security-key%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ecompatible%20with%20Microsoft%E2%80%99s%20implementation%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20906px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F122817iA3C616C120D579BD%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22passwordless.jpg%22%20title%3D%22passwordless.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%20id%3D%22toc-hId--1766414283%22%3EOur%20passwordless%20strategy%3C%2FH3%3E%0A%3CP%3EOur%20passwordless%20strategy%20is%20a%20four-step%20approach%20where%20we%20deploy%20replacement%20offerings%2C%20reduce%20the%20password%20surface%20area%2C%20transition%20to%20passwordless%20deployment%2C%20and%20finally%20eliminate%20passwords%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F122798i397EAB1334318903%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%208.png%22%20title%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%208.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EToday%E2%80%99s%20product%20launches%20are%20an%20important%20milestone%20for%20getting%20to%20passwordless.%20In%20addition%2C%20the%20engineering%20work%20we%20did%20to%20provide%20authentication%20methods%20management%20for%20administrators%20and%20user%20registration%20and%20management%2C%20will%20allow%20us%20to%20move%20even%20faster%20to%20improve%20credentials%20management%20experiences%2C%20as%20well%20as%20bring%20new%20capabilities%20and%20credentials%20online%20more%20simply.%20We%E2%80%99re%20working%20with%20our%20Windows%20security%20engineering%20team%20to%20make%20FIDO2%20authentication%20work%20for%20hybrid-joined%20devices.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOf%20course%2C%20we%20look%20forward%20to%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2FAzureADFeedback%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Efeedback%20from%20you%3C%2FA%3Eacross%20all%20of%20these%20features%2C%20to%20help%20us%20improve%20before%20we%20make%20them%20generally%20available.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ERegards%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3BAlex%20(Twitter%3A%20%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2FAlex_A_Simons%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%40Alex_A_Simons%3C%2FA%3E)%3C%2FP%3E%0A%3CP%3E%26nbsp%3BCorporate%20VP%20of%20Program%20Management%3C%2FP%3E%0A%3CP%3E%26nbsp%3BMicrosoft%20Identity%20Division%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%20id%3D%22toc-hId--23603948%22%3EAdditional%20links%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fgopasswordless%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EThe%20end%20of%20passwords%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Faka.ms%2FAzureADvideos%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EPasswordless%20overview%20and%20how%20to%20videos%3C%2FA%3E%E2%80%94coming%20soon%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3C%2FP%3E%3CDIV%20class%3D%22video-embed-center%20video-embed%22%3E%3CIFRAME%20class%3D%22embedly-embed%22%20src%3D%22https%3A%2F%2Fcdn.embedly.com%2Fwidgets%2Fmedia.html%3Fsrc%3Dhttps%253A%252F%252Fwww.youtube.com%252Fembed%252FxzRY06mMu94%253Ffeature%253Doembed%26amp%3Burl%3Dhttp%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DxzRY06mMu94%26amp%3Bimage%3Dhttps%253A%252F%252Fi.ytimg.com%252Fvi%252FxzRY06mMu94%252Fhqdefault.jpg%26amp%3Bkey%3Dfad07bfa4bd747d3bdea27e17b533c0e%26amp%3Btype%3Dtext%252Fhtml%26amp%3Bschema%3Dyoutube%22%20width%3D%22400%22%20height%3D%22225%22%20scrolling%3D%22no%22%20frameborder%3D%220%22%20allow%3D%22autoplay%3B%20fullscreen%22%20allowfullscreen%3D%22true%22%20title%3D%22Video%22%3E%3C%2FIFRAME%3E%3C%2FDIV%3E%3CP%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-746362%22%20slang%3D%22en-US%22%3E%3CP%3EI%E2%80%99m%20thrilled%20to%20announce%20that%20you%20can%20now%20go%20passwordless%20with%20the%20public%20preview%20of%20FIDO2%20security%20keys%20support%20in%20Azure%20AD!%26nbsp%3B%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F122791i36A6E59366E93E36%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%20teaser.png%22%20title%3D%22Public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2%20based%20passwordless%20teaser.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-SUB%20id%3D%22lingo-sub-753149%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-753149%22%20slang%3D%22en-US%22%3E%3CP%3EOur%20apologies%2C%20deployments%20are%20taking%20longer%20than%20intended.%20We%20expect%20all%20customers%20should%20have%20all%20the%20functionalities%20working%20no%20later%20than%20Friday%20evening%2C%20Pacific%20time%20zone.%20Thanks%20for%20your%20enthusiasm!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-753844%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-753844%22%20slang%3D%22en-US%22%3ENice%2C%20when%20is%20support%20for%20non%20microsoft%20operating%20systems%20goin%20to%20being%20added%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-754267%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-754267%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F314432%22%20target%3D%22_blank%22%3E%40AzureADTeam%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEverything%20works%20fine%20now%20%3A)%20Such%20a%20great%20addition%20to%20Azure%20AD!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-752910%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-752910%22%20slang%3D%22en-US%22%3E%3CP%3EGood%20stuff!%20I%20went%20to%20test%20this%20out%20in%20my%20test%20tenant.%26nbsp%3BI%20am%20using%20Win%2010%201803.%20After%20enabling%20FIDO2%2C%20when%20I%20try%20register%20a%20user%20for%20the%20%22Security%20key%22%20method%2C%20I%20get%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%22%3CSPAN%3EWe%20detected%20that%20this%20browser%20or%20OS%20does%20not%20support%20FIDO2%20security%20keys.%3C%2FSPAN%3E%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20this%20require%20Win%2010%201809%2B%3F%20Isn't%20FIDO2%20a%20matter%20of%20browser%20support%20-%20and%20OS%20agnostic%3F%20Will%20the%20AAD%20implementation%20of%20FIDO2%20eventually%20support%20MacOS%20and%20mobile%20devices%20(using%20a%20NFC-capable%20key)%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-753158%22%20slang%3D%22en-US%22%3ERe%3A%20Announcing%20the%20public%20preview%20of%20Azure%20AD%20support%20for%20FIDO2-based%20passwordless%20sign-in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-753158%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFollowing%20the%20instructions%20at%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%23user-registration-and-management-of-fido2-security-keys%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-authentication-passwordless-enable%3C%2FA%3E%26nbsp%3Bthere%20are%20a%20few%20issues.%20When%20I%20am%20trying%20to%20register%20the%20security%20key%20with%20my%20fingerprint%2C%20the%20Set%20up%20button%20is%20grayed%20out.%20This%20is%20with%20a%20Feitian%26nbsp%3BFIDO2%20BioPass%20security%20key%20which%20has%20the%20fingerprint%20sensor.%20The%20Windows%2010%20version%20is%201903%20enterprise.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20475px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F123197i5A6005B42DD7F6D6%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22securitykey.png%22%20title%3D%22securitykey.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20although%20I%20get%20this%20option%20in%20the%20Windows%2010%20sign-in%20settings%20of%20the%20computer%2C%20I%20don't%20get%20the%20option%20to%20register%20the%20security%20key%20at%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fmyprofile.microsoft.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmyprofile.microsoft.com%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20style%3D%22width%3A%20497px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F123198iBD4B7A31FB9912F8%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22myprofilesecuritysettings.png%22%20title%3D%22myprofilesecuritysettings.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEDIT%3A%20ok%2C%20I%20was%20able%20to%20set%20the%20fingerprints%20after%20first%20resetting%20the%20security%20key%20and%20then%20setting%20a%20PIN%20on%20it.%20After%20setting%20a%20PIN%2C%20the%20option%20to%20set%20fingerprints%20was%20enabled.%20But%20now%20I%20have%20another%20issue%3A%20although%20I%20seem%20to%20have%20finished%20the%20setup%20of%20the%20security%20key%2C%20when%20I%20attempt%20to%20sign-in%20to%20my%20account%20with%20it%20at%20the%20Windows%20sign-in%20screen%2C%20it%20simply%20says%20%22This%20security%20key%20doesn't%20look%20familiar.%20Please%20try%20a%20different%20one.%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20stumped.%20Appreciate%20any%20help%20with%20this!%3C%2FP%3E%3C%2FLINGO-BODY%3E

Howdy folks,

 

I’m thrilled to let you know that you can now go passwordless with the public preview of FIDO2 security keys support in Azure Active Directory (Azure AD)! Many teams across Microsoft have been involved in this effort, and we’re proud to deliver on our vision of making FIDO2 technologies a reality to provide you with seamless, secure, and passwordless access to all your Azure AD-connected apps and services.

 

In addition, we turned on a new set of admin capabilities in the Azure AD portal that enable you to manage authentication factors for users and groups in your organization. In this first release, you can use them to manage a staged rollout of passwordless authentication using FIDO2 security keys and/or the Microsoft Authenticator application. Going forward you’ll see us add the ability to manage all our traditional authentication factors (Multi-Factor Authentication (MFA), OATH Tokens, phone number sign in, etc.). Our goal is to enable you to use this one tool to manage all your authentication factors.

 

Why do we feel so strongly about passwordless?

Every day, more and more of our customers move to cloud services and applications. They need to know that the data and services stored in these services are secure. Unfortunately, passwords are no longer an effective security mechanism. We know from industry analysts that 81 percent of successful cyberattacks begin with a compromised username and password. Additionally, traditional MFA, while very effective, can be hard to use and has a very low adoption rate.

 

It’s clear we need to provide our customers with authentication options that are secure and easy to use, so they can confidently access information without having to worry about hackers taking over their accounts.

 

This is where passwordless authentication comes in. We believe it will help to significantly and permanently reduce the risk of account compromise.

 

Passwordless sign in flow 2.png

 

 

Now, all Azure AD users can sign in password-free using a FIDO2 security key, the Microsoft Authenticator app, or Windows Hello. These strong authentication factors are based off the same world class, public key/private key encryption standards and protocols, which are protected by a biometric factor (fingerprint or facial recognition) or a PIN. Users apply the biometric factor or PIN to unlock the private key stored securely on the device. The key is then used to prove who the user and the device are to the service. 

 

Public preview of Azure AD support for FIDO2 based passwordless 2.jpg

 

Check out this video where Joy Chik, corporate vice president of Identity, and I talk more about this new standard for signing in. To learn more about why this should be a priority for you and your organization, read our whitepaper.

 

Let’s get you started!

To help you get started on your own passwordless journey, this week we’re rolling out a bonanza of public preview capabilities. These new features include:

  • A new Authentication methods blade in your Azure AD admin portal that allows you to assign passwordless credentials using FIDO2 security keys and passwordless sign-in with Microsoft Authenticator to users and groups.

Public preview of Azure AD support for FIDO2 based passwordless 3.png

 

Public preview of Azure AD support for FIDO2 based passwordless 4.png

 

Public preview of Azure AD support for FIDO2 based passwordless 5.png

 

FIDO2 hardware

Microsoft has teamed up with leading hardware partners, Feitian Technologies, HID Global, and Yubico, to make sure we have a range of FIDO2 form factors available at launch, including keys connecting via USB and NFC protocols. Sue Bohn has more details on those partnerships.

 

Please be sure to verify that any FIDO2 security keys you’re considering for your organization meet the additional options required to be compatible with Microsoft’s implementation.

 

passwordless.jpg

Our passwordless strategy

Our passwordless strategy is a four-step approach where we deploy replacement offerings, reduce the password surface area, transition to passwordless deployment, and finally eliminate passwords:

 

Public preview of Azure AD support for FIDO2 based passwordless 8.png

 

Today’s product launches are an important milestone for getting to passwordless. In addition, the engineering work we did to provide authentication methods management for administrators and user registration and management, will allow us to move even faster to improve credentials management experiences, as well as bring new capabilities and credentials online more simply. We’re working with our Windows security engineering team to make FIDO2 authentication work for hybrid-joined devices.

 

Of course, we look forward to feedback from you across all of these features, to help us improve before we make them generally available.

 

Regards,

 Alex (Twitter: @Alex_A_Simons)

 Corporate VP of Program Management

 Microsoft Identity Division

 

Additional links

 

29 Comments
Occasional Contributor

I'm stuck on this step: 

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-password...

 

I'm not seeing any methods to enable.  Any help would be appreciated.

Occasional Visitor

Similar to @chad Snelson I Enable yes, and then select my user account as a target and hit save.  When I reload the page any changes I made go away.

New Contributor
Does this require Azure AD Premium licenses to work or can it also be used with Office 365 with Azure AD free tier?
New Contributor
i can't get past this step https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-password... Only password authentication is available: https://ibb.co/C1n3QvL User feature previews is enabled: https://ibb.co/LQRWy4k
Senior Member
Hi all. Same issue here. Enabled user- selected save - then, nothing happens.
Regular Contributor

I'm beyond thrilled to see that this is finally to the public preview stage... and almost equally disappointed that yet again this awesome new feature doesn't support Hybrid AAD Joined devices.  :(

 

With that said, I'm willing to test on AAD Joined devices (not hybrid), but I'm stuck at the same point as others.  Under the section "Enable new passwordless authentication methods", it says to choose certain options under each method.  However, the list of methods on this screen is empty, just showing "No results".  

 

Perhaps these methods are still being rolled out, or some of the earlier steps required to enable this take time to propagate before the methods appear?

Folks, if some of you are still unable to access these features please email your tenant ID to swkrish AT microsoft DOT com?

 

PS: Our apologies, deployments are taking longer than intended, we expect all customers should have all the functionalities working no later than Fri evening, Pacific time zone. Thanks for your interest.

Contributor

I'll join as well, facing the same issue as most people who have posted. All the pre-reqs are there, then you enable it for a group of users, hit Save and nothing happens and your saved settings are gone. :-( 

New Contributor

Now it works with the phone signin :). But i'm missing the : "Sign in with security key" option on the portal.office.com page?

I may come overnight i guess ?

Regular Contributor

As of this morning, I now have "Fido2 Security Key" and "Microsoft Authenticator passwordless sign-in" under methods, and I've enabled both.  Unfortunately, when I try to set up my Yubikey 5 NFC security key, I get a message that "This security key can't be used.  Please try a different one."  Yubico is listed as one of the supported vendors, and this model of key is the one that they recommend for passwordless AzureAD use, so I'm not sure what the issue is.  

 

I am trying to set it up on a Hybrid AAD Joined computer, but if I understand correctly I should be able to set it up and use it for web based authentication, it is just not supported for use at the windows lock scren.  

Senior Member

I receive a message when going to myprofile.microsoft.com: 

Oops, seems like the organization you tried signing into hasn't activated the new profile experience at this time. Please contact your admin for more information.
I've used Chrome and Internet 
The feature regarding Phone sign-in works well for me :)

 

Frequent Visitor

Will this allow applications to offer passwordless sign on that are using Azure AD as an identity provider via SAML 2.0 or OpenID Connect?

Senior Member

@AnthonyClark_316  I think so authentication with integrated applications goes through the Microsoft log-in page. We've setted up SSO with SAP ByDesign if a user connects through the SAP ByDesign URL in a private browser it redirects to the Microsoft log-in page where you need to enter the corporate credentials of you're Azure AD account or AD account if you're using a Hybrid Scenario

Occasional Contributor

I also had to wait a few minutes (like 30) before the auth-methods appeared in my tenant. Anyway all is working now and -if you are interested- I have written a blog-post about it: 

 

https://emptydc.com/2019/07/11/passwords-with-or-without-you/

 

Cheers,
Jan

New Contributor
This morning i could finish the steps and my yubikey is working. Thanks guys for the help.
Regular Contributor

Is passwordless login to windows also supported using the Authenticator app, or just the security key? 

 

I have enabled both credentials, and my credential in the authenticator app is enabled for phone sign-in, but I'm not seeing any way to initiate a phone sign-in at the windows lock screen.  

Contributor

@Steve Whitcher, I think the Windows login is (atm) only supported on pure Azure AD joined machines, not hybrid joined devices. (I am assuming you're trying this from a Hybrid AAD joined device based on your previous post :) ).

Contributor

Musings after first 5 minute test with the Authenticator app option. Both Edge and Chrome prompt me for the app sign in the first time.

I choose to not keep me signed in and subsequently perform a correct logout of my session.

 

When then choosing to sign in again from the office.com page, I get prompted for my password and not the app sign in :-(

 

If I close the browser and re-open and go back to office.com to sign in, I get the app sign-in again. I don't know about the rest of you but I find that weird and not a very nice or consistent experience.

I might be doing something wrong but if I am, I don't know what it is :)

 

P.S. is there a way to remove the 'sign in with a password instead' option so only app is possible and if so, which are 'backup methods' in case you forgot your phone at home?

Frequent Visitor

Still waiting for the authentication methods to show up in our subscriptions. Been waiting for more than 24 hours now

Occasional Visitor

I contact Office 365 tech support for issue enabled "Authentication method policy (Preview)" but not show the new authentication methods appeared in my Office 365 tenant.

 

Below is tech support suggest me to use powershell for enable passwordless authentication method

 

  1. Search  windows powershell  in your computer ,right click powershell and choose run as an administrator
  2. To confirm whether you have this version installed ,run : Get-Module -Name AzureAD -ListAvailable  
  3. If you currently have the Azure AD PowerShell module installed and it’s not at least version 2.0.2.5, you’ll need to uninstall it. To do this, run:

    Uninstall-Module -Name AzureAd

  4. If you don’t have the Azure AD PowerShell module installed, or you’ve just uninstalled it, you’ll need to install it by running:

    Install-Module -Name AzureADPreview

  5. Enabling Passwordless Authentication for a single Office 365 tenant, run:

    Connect-AzureAD

    New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}' -isOrganizationDefault $true -DisplayName AuthenticatorAppSignIn
Regular Visitor

Hi,

adding the security key works fine. Windows 10 Sign-in as well.

However, I can't seem to get any browser to use the key for any sign-in to corporate resources (personal Microsoft Accounts work).

Firefox prompts "This security key doesn't look familiar." and Edge (up-to-date) doesn't even give me the option use a security key as sign-in option.

Does anybody else have these issues?

btw: I am using a Feitian BioPass key.

 

Thanks,

Chris

 

Occasional Visitor

@ChristianMueller We have the exact same issue. We are able to login to Windows with the security key, however logging into Azure Portal or the Office 365 portal in Firefox we get prompted "This security key doesn't look familiar" and in Edge there is no option at all to login with a security key. 

 

We are using Yubikey 5 NFC keys 

Occasional Visitor

can someone tell me how to get the login page on Azure or Office which support security key ? on portal.azure.com nothing to select a security key...

thank you

Occasional Visitor

@crapitouille 

 

In Firefox browse to portal.azure.com or portal.office355.com or login.microsoftonline.com you need to ensure you are signed out and then click "Sign-in Options" at the bottom, then "Sign in with Windows Hello or a security key". It will prompt you to insert your security key into the USB port or Tap on the NFC, then when you do that it will say something along the lines of "The security key doesn't look familiar, please try another one. In Edge we are not prompted with any other additional sign-in options other than sign-in with GitHub. 

 

Windows Hello sign-ins for Windows Logon is working flawlessly, unfortunately portal logins are not. Its in preview though, so probably expected not to work :) 

Regular Visitor

Good stuff! I went to test this out in my test tenant. I am using Win 10 1803. After enabling FIDO2, when I try register a user for the "Security key" method, I get:

 

"We detected that this browser or OS does not support FIDO2 security keys."

 

Does this require Win 10 1809+? Isn't FIDO2 a matter of browser support - and OS agnostic? Will the AAD implementation of FIDO2 eventually support MacOS and mobile devices (using a NFC-capable key)?

 

 

Established Member

Our apologies, deployments are taking longer than intended. We expect all customers should have all the functionalities working no later than Friday evening, Pacific time zone. Thanks for your enthusiasm!

Occasional Visitor

Hello,

 

Following the instructions at https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-password... there are a few issues. When I am trying to register the security key with my fingerprint, the Set up button is grayed out. This is with a Feitian FIDO2 BioPass security key which has the fingerprint sensor. The Windows 10 version is 1903 enterprise.

 

securitykey.png

 

Also, although I get this option in the Windows 10 sign-in settings of the computer, I don't get the option to register the security key at https://myprofile.microsoft.com

myprofilesecuritysettings.png

 

 

 

 

 

 

 

 

 

 

 

 

 

 

EDIT: ok, I was able to set the fingerprints after first resetting the security key and then setting a PIN on it. After setting a PIN, the option to set fingerprints was enabled. But now I have another issue: although I seem to have finished the setup of the security key, when I attempt to sign-in to my account with it at the Windows sign-in screen, it simply says "This security key doesn't look familiar. Please try a different one."

 

I'm stumped. Appreciate any help with this!

Visitor
Nice, when is support for non microsoft operating systems goin to being added?
Regular Visitor

@AzureADTeam 

Everything works fine now :) Such a great addition to Azure AD!