Since it is in Preview right now, you have to enable it on your tenant and I will show you how to do this further in the guide. So zumindest meine Erfahrung bei den Onlinediensten von MS. Ob sich das bei Windows anders verhält kann ich nicht sagen. I hope this guide has given you a bit of insight into the power of FIDO2 security keys with Azure AD. So if you’re ever in the same boat as me, either remember to do some warm-up stretches before authenticating or invest in a nice long USB extender. Reference: https://answers.microsoft.com/en-us/windows/forum/all/adding-a-security-key-for-pc-login-in-windows-10/ffd27920-5c51-4b04-afb8-21e1a6810536?page=2.
If the key and phone have NFC capability and it is enabled that may be one solution, otherwise the key would need to have a compatible USB connection. We will continue to invest in this space and look forward to sharing future updates. If you are using an OS older than Windows 10 1809 and the associated Edge browser, you may receive an error like this saying “We detected that this browser or OS does not support FIDO 2 security keys”. With a Security Admin or Global Admin account, sign in to portal.azure.com and go to Azure Active Directory > User Settings > Manage user feature preview settings: 2. Organizations will need to have a Trusted Platform Module (TPM) on the device to store these keys. I do not recommend attempting to retrieve FIDO2 keys from your users upon termination of employment and attempt to re-issue them to other users. Further I don't want to also have less secure methods (EMAIL, SMS, APP) TOTP/HOTP, Phone or backup codes active that could be abused to downgrade security if I already have several FIDO U2F or FIDO2 Hardware Security Keys registered. And it's nice that MS now supports FIDO U2F and FIDO2 but it's a bit useless if it intentionally only works with Edge, it should work with every browser that supports it and that are almost all now a day, because I don't want to be dependent of a specific browser. Yubico recently released a blog about this just after the September 2019 Apple iPhone 11 launch event last week: https://www.yubico.com/2019/09/yubico-ios-authentication-expands-to-include-nfc/. Na ja, nichts ist eben perfekt und oftmals kommen Informationen zu früh. Microsoft has been aligned with the Fast Identity Online (FIDO) working group from the start, the alliance represents 250 organizations from various industries on a joint mission to replace passwords with an easy to use strong credential.
Fully managed intelligent database services.
When are you going to allow migration of Microsoft Authenticator codes? I realize that WHB can use Pin and Biometrics data but we are looking for a seperate device MFA function. If you see anyone actually ingest a FIDO2 security key, you should probably call an ambulance immediately.