A bug in the sign in with Security Key option for M365

Occasional Visitor

1. Register a pair of keys in M365.

2. On a PC you are presented with an option to sign in with a security key!

3. On a MAC you are presented with an option to sign in with a security key!

4. On ChromeOS you are not presented with that option.

 

ChromeOS supports FIDO2 and it works on many other sites.  It is only M365 that has this issue.  As a Partner I reached out to Microsoft support, who said Microsoft has dropped all support for ChromeOS.  I do not expect to run Word on a Chromebook, but I can run the web version of any of Microsoft tools on a Chromebook.  Why then, can I not have the same level of security on my account that I could if I was accessing the site on a PC or Mac?

 

Microsoft should fix this bug if they really care about security of their customer's accounts, no matter how they access the site.

   

1 Reply

@TrustSDS_Dave 

 

I can reproduce this issue.

I can use the same FIDO key as a second factor to sign into Chrome, as well as to sign into Office365 portal etc. This works fine when I view the Microsoft sign in page from a Windows machine (even in a Chrome browser), but from the Chrome OS when I select "Use a security key" under the Verify your identity prompt the page never loads. Using a code from the authenticator does work.