Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Passwordless with fido2

Copper Contributor

Hi all :) 

 

I was wondering how to manage an important employee's turnover with a Passwordless solution? 

Especially with the fido2 key (Yubiko). Is it possible to reassign a key to another user?  

If users didn't have a phone for the authenticator app? maybe using a generic account? even if it's not recommanded. 

 

thanks for your help and responses. 

1 Reply
Hello Kamy,
it depends on the Passwordless solution you choose: FIDO2, SMS, Authenticator App, Windows Hello For Business
Source: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwo...

For each authentication method, an admin can remove them. In your case, you will be able to remove a FIDO2 key and give it to another user (same for the WHfB with the workstation)

Hope this helps!

And as you say, "generic account" is not a great idea ;)