How to Register a FIDO2 Security Key for MFA

Topic

The purpose of this article is to show how to register a FIDO2 Security Key for use in MFA and SSPR (Self-Service Password Reset) in Azure Entra ID.

Prerequisites: 

  • FIDO2 security key (Compatible List)
  • Compatible OS/browser combination (Compatible List)
  • MFA TAP, aka Temporary Access Pass (if MFA is not yet set up; contact the Helpdesk to obtain)
 

Instructions

Sign Into Microsoft Security Info

Add Security Key

  • Click "Add sign-in method".
  • Select "Security key" from the dropdown menu, and click Add.
  • Complete MFA once again to set up the security key.
  • Select the type of security key, and click Next.
  • Your browser will prompt you to insert your security key.
    • Click "Use a different device" if it defaults to using a Bluetooth or NFC key.
    • Touch the key's button after insertion.
  • Set or enter a PIN for the key.
  • IMPORTANT: If prompted to allow or deny sending additional key information to Microsoft, be sure to allow it. This information is needed to validate the key's manufacturer.

The key should now be added to your sign-in methods.  You can change the default sign-in method from the "Security info" page to be the key if desired.
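
Why the IMPORTANT step above matters, as an added example (not part of the original article and not Microsoft's code): in WebAuthn, a key's make and model is identified by the AAGUID carried in the registration's authenticator data, and when the user denies the prompt browsers typically substitute attestation format "none" and may zero the AAGUID. The allow-list, function names and sample bytes below are constructed assumptions, and the sketch covers only the model check, not attestation signature verification.

```python
import struct

FLAG_AT = 0x40            # bit 6: attested credential data is present
ZERO_AAGUID = bytes(16)   # what a relying party sees when the model is withheld
# Hypothetical allow-list; this AAGUID is constructed, not a real product's.
ALLOWED_AAGUIDS = {bytes.fromhex("00112233445566778899aabbccddeeff")}

def parse_aaguid(auth_data: bytes):
    """Return the 16-byte AAGUID from authenticator data, or None if absent."""
    # Fixed header: rpIdHash (32) | flags (1) | signCount (4) = 37 bytes.
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37-byte header")
    if not auth_data[32] & FLAG_AT:
        return None
    # Attested credential data: AAGUID (16) | credIdLen (2, big-endian) | credId.
    if len(auth_data) < 55:
        raise ValueError("AT flag set but attested credential data truncated")
    (cred_len,) = struct.unpack(">H", auth_data[53:55])
    if len(auth_data) < 55 + cred_len:
        raise ValueError("credential ID runs past end of authenticator data")
    return auth_data[37:53]

def registration_decision(auth_data: bytes, fmt: str) -> str:
    """Policy check only; signature and certificate validation are out of scope."""
    aaguid = parse_aaguid(auth_data)
    if aaguid is None:
        return "reject: no attested credential data"
    if fmt == "none" or aaguid == ZERO_AAGUID:
        return "reject: key model withheld"
    if aaguid not in ALLOWED_AAGUIDS:
        return "reject: key model not on allow-list"
    return "accept"

def build_auth_data(aaguid: bytes, cred_id: bytes = b"\x01" * 16) -> bytes:
    """Constructed sample: zero rpIdHash, flags UP|UV|AT, public key omitted."""
    return (bytes(32) + bytes([0x45]) + struct.pack(">I", 0)
            + aaguid + struct.pack(">H", len(cred_id)) + cred_id)

if __name__ == "__main__":
    allowed = next(iter(ALLOWED_AAGUIDS))
    print(registration_decision(build_auth_data(allowed), "packed"))
    print(registration_decision(build_auth_data(ZERO_AAGUID), "none"))
```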

Using FIDO2 Security Key

When prompted for MFA:

  • Click either "I can't use my Microsoft Authenticator app right now" or "More options" (if the key isn't set as the default sign-in method).
  • Wait for the browser prompt, then insert the security key and touch its button.
  • Enter the PIN, and touch the button to confirm.

 


Need more help?

If you cannot find your answer here or in related articles, please view the section "Related Services / Offerings" to open a ticket.

Please provide feedback on this article, especially if it is not accurate or does not provide the answer you expect. Select "Yes" or "No" below where it asks "Was this helpful?" This feedback helps us and the rest of the community provide better resources.


Details

Article ID: 8381
Created: Thu 10/12/23 6:26 PM
Modified: Wed 1/3/24 11:34 AM