

Using Token2 FIDO2 security keys as the default sign-in option for Windows (Intune method)

FIDO2-based passwordless technology allows users to use a USB key to sign in to Azure AD without using passwords. Once enabled, users will be able to sign in to their accounts and log on to their Azure-joined machines using FIDO2 security keys. The access is still protected by two factors in this case:
1) having physical access to the security key and
2) PIN or fingerprint (on devices with biometrics support) configured on the FIDO2 security key

The guide below will walk you through the steps required to enable Token2 FIDO2 security keys as the default sign-in option for Windows. Please note that this guide uses Intune enrollment. Having Intune is not a requirement; you can achieve the same using the registry modification method.

- An Azure-joined computer with Windows 10 version 1903 or higher.
- An Azure AD tenant that is licensed to use Azure MFA functions (an Intune license is needed for this particular guide).
- Local administrator privileges on the machine.

To check whether a device is Azure AD joined, open cmd and run dsregcmd /status. If the device is Azure AD joined, the status shows AzureAdJoined=Yes.

Log in to your Azure portal and navigate to Azure Active Directory → Devices → All devices. If you have successfully activated the Intune license and assigned it to the user, the MDM column shows the value Microsoft Intune. Also, be sure that the Compliant column has an OK value. If these two conditions are met, the device will appear and be ready to use in the Microsoft Intune Admin Center.

Add a FIDO2 security key by clicking Add method and choosing Security key. A box will appear and ask you to create or enter a PIN for your security key.
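The three machine-side prerequisites named in this guide (Azure AD join state from dsregcmd /status, Windows 10 version 1903 or higher, local administrator rights) can be checked in one pass before enrolling keys. The script below is an added example, not part of the original guide or of Token2's tooling; the function names are hypothetical and it assumes the join state is printed on a line of the form "AzureAdJoined : YES".

```powershell
# Added example: checks the three prerequisites listed in this guide.
# Function names are hypothetical; run on the target Windows machine.

function Test-AadJoined {
    param([string[]]$StatusLines)          # lines printed by `dsregcmd /status`
    foreach ($line in $StatusLines) {
        # Assumed line shape: "AzureAdJoined : YES" (":" or "=" accepted)
        if ($line -match '^\s*AzureAdJoined\s*[:=]\s*(\w+)') {
            return ($Matches[1] -ieq 'YES')
        }
    }
    return $false                          # field absent: treat as not joined
}

function Test-MinimumBuild {
    # Build 18362 corresponds to Windows 10 version 1903
    param([int]$Build, [int]$Minimum = 18362)
    return ($Build -ge $Minimum)
}

function Test-Elevated {
    # True only when this session holds the local Administrators role (elevated)
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$checks = [ordered]@{
    'Azure AD joined (dsregcmd /status)' = Test-AadJoined -StatusLines (& dsregcmd.exe /status)
    'Windows 10 1903 or later'           = Test-MinimumBuild -Build ([Environment]::OSVersion.Version.Build)
    'Local administrator (elevated)'     = Test-Elevated
}

$failed = 0
foreach ($name in $checks.Keys) {
    if ($checks[$name]) { $state = 'OK' } else { $state = 'MISSING'; $failed++ }
    '{0,-40} {1}' -f $name, $state
}
if ($failed) { Write-Warning "$failed prerequisite(s) not met" }
```

The administrator check reports whether the current session is elevated, so run it from an elevated PowerShell prompt to test the account's local administrator rights.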
