23H2 Passkeys: default to security key instead of mobile devices

Copper Contributor

Microsoft invested time & money to introduce Passkeys in Windows 11 23H2, as it should. Unfortunately, it defaults to a mobile device (iPhone, iPad or Android device) everytime you try to log on. This is very annoying for everybody that is using a Security Key (FIDO2). Before we just needed to enter our PIN but now we need multiple clicks to log on. I'm not aware of a solution to manage these options (manually or through Intune). 


Is anyone aware of a solution? I'm quite amazed Microsoft didn't think of this.

2 Replies

@VNDCK This!  Exactly!  I've been so frustrated for the last month.  This is the second time in a short time that Microsoft has changed something rather fundamental without letting the community know ahead of time (I won't enumerate the details here but the timing coincided with the rename of Azure to Entra Identity) and changed the way it works for those with trying to implement conditional access. 

It just feels so broken now when it doesn't remember your preferences or let you specify a preference.  I would expect with the introduction of a new feature like this it would have a way to properly customize the user experience. Security should be easier to implement not make life more difficult.

This is super annoying! Does not make any sense the amount of clicks that I have to do now to choose the security key. Why not the option to select a default?