For the end-user to use the FIDO2 security key, the security key first needs to be registered in Azure AD.
First, make sure your browser (like Edge, Chrome, Firefox) supports WebAuthn.
Then, navigate to the following link, and sign in.
Under Security info click Add method.
Pick Security key from the drop-down list and click Add.
Select USB Device.
Insert the FIDO2 security key.
Your PC will redirect you to a new window to finish setup.
Follow the instructions described in the new window.
Click Continue in the pop-up screen.
Create a PIN for this security key and enter the PIN a second time. Click OK.
Touch the Security key.
Give your security key a Name, so you can identify your key, and click Next.
You`re all Set! Registration of the security key is finished.
The security key is listed as one of the sign-in methods.
Open a browser which supports WebAuthn, such as Chrome and the new Chromium based Edge browser.
Click Sign-in options
Click Sign in with a security key
Insert your FIDO2 security key
Enter the PIN of the security key
Touch the key, and your are signed-in to the Office 365 portal without providing your username and password!