Microsoft Tech Community

FIDO2 (YubiKey) + multiple Identities on one Key + AAD Joined Windows Sign In

Hi all,

I am deploying full passwordless sign-in in many on-prem AD, AAD and hybrid environments in the meantime. When using FIDO sign-in at an AAD-joined Windows machine for user sign-in, and the FIDO key used has two or more AAD identities, Windows always signs in with the last identity added.

Example:

  1. Adding FIDO key to user 1 via MySignins
  2. Adding FIDO key to user 2 via MySignins
  3. Sign into Windows Computer with user01 and use Sign in via Security Key
  4. Windows is signing in as user02

This is 100% reproducible. Also, I often see the sign-in screen switching to "Other User", even if only one identity is deployed on the security key.

I wonder if this is a bug or a feature, or whether I am doing something wrong?

Thanks

Tobi
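One check worth running before chasing this further, as an added example that is not part of the original post or of any Microsoft or Yubico tooling: list the discoverable (resident) credentials the key holds per relying party, so you can confirm how many AAD identities are actually registered on it and which user each one carries. The script uses Yubico's python-fido2 library (`pip install fido2`) and its CTAP2 credential-management calls; the RP ID `login.microsoft.com` and the sample user names in `SAMPLE_ENTRIES` are assumptions made for the example, and the key must support the `credMgmt` option and have a PIN set.

```python
"""List discoverable FIDO2 credentials per relying party and flag RPs
that hold more than one of them (the "one key, several identities"
situation from the post).

Added example, not code from the original post. Uses Yubico's
python-fido2 library; the hardware access is kept in read_key() so the
grouping helpers can be exercised without a key attached.
"""

from collections import defaultdict

# RP ID assumed here for Entra ID / Azure AD FIDO2 credentials; confirm it
# against the RP list your own key returns.
AAD_RP_ID = "login.microsoft.com"


def summarize(entries):
    """Group (rp_id, user_name) pairs by RP, in the order the key returned them."""
    by_rp = defaultdict(list)
    for rp_id, user_name in entries:
        by_rp[rp_id].append(user_name)
    return dict(by_rp)


def multi_identity_rps(entries):
    """Return the RP IDs that carry two or more discoverable credentials."""
    return sorted(rp for rp, users in summarize(entries).items() if len(users) > 1)


def read_key(pin):
    """Read (rp_id, user_name) pairs from the first connected key with credMgmt.

    Imports are local so the helpers above run without the library or a key.
    """
    from fido2.hid import CtapHidDevice
    from fido2.ctap2 import Ctap2
    from fido2.ctap2.pin import ClientPin
    from fido2.ctap2.credman import CredentialManagement

    ctap = None
    for dev in CtapHidDevice.list_devices():
        candidate = Ctap2(dev)
        if candidate.info.options.get("credMgmt"):
            ctap = candidate
            break
    if ctap is None:
        raise RuntimeError("no connected authenticator supports credential management")

    # Credential management needs a PIN/UV token scoped to that permission.
    client_pin = ClientPin(ctap)
    token = client_pin.get_pin_token(pin, ClientPin.PERMISSION.CREDENTIAL_MGMT)
    credman = CredentialManagement(ctap, client_pin.protocol, token)

    entries = []
    for rp in credman.enumerate_rps():
        rp_id = rp[CredentialManagement.RESULT.RP]["id"]
        rp_hash = rp[CredentialManagement.RESULT.RP_ID_HASH]
        for cred in credman.enumerate_creds(rp_hash):
            user = cred[CredentialManagement.RESULT.USER]
            entries.append((rp_id, user.get("name", "<no name>")))
    return entries


# Constructed sample standing in for read_key() output in the post's scenario:
# one key registered for two AAD users, plus an unrelated RP.
SAMPLE_ENTRIES = [
    (AAD_RP_ID, "user01@example.com"),
    (AAD_RP_ID, "user02@example.com"),
    ("example.org", "tobi"),
]

if __name__ == "__main__":
    import getpass

    try:
        entries = read_key(getpass.getpass("Security key PIN: "))
    except Exception as exc:  # no key or no library: fall back to the sample
        print(f"using constructed sample ({exc})")
        entries = SAMPLE_ENTRIES
    for rp_id, users in summarize(entries).items():
        print(f"{rp_id}: {', '.join(users)}")
    print("RPs with more than one identity:", multi_identity_rps(entries))
```

If `multi_identity_rps` reports `login.microsoft.com`, the key really does hold several AAD identities and the sign-in screen's choice between them is what needs explaining; if it reports nothing, the "Other User" behaviour with a single identity is a separate question from the multi-identity one.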