Enable security keys for Windows sign-in

To enable security keys as a sign-in option for Windows 10 devices, the system administrator has to use Microsoft Intune. There are two options:

(1) for all users: a tenant-wide Windows Hello for Business setting

(2) for a group of users: an Identity Protection configuration policy

Option 1: Tenant wide for all Users

Open a browser and sign in to the Microsoft Intune portal.

  • Click Windows Hello for Business
  • Set Configure Windows Hello for Business to Enabled
  • Set Use Security keys for sign-in to Enabled
  • Click Save

Option 2: Identity Protection configuration policy

The advantage of using a configuration policy is that you can assign it to a group of users instead of all users.

  • Browse to Devices – Windows – Configuration profiles


  • Click Create profile


  • Give the policy a Name, e.g. "Enable FIDO2 for Signin"
  • Enter a Description for the policy (optional)
  • Choose Windows 10 and later as the Platform
  • Choose Identity protection as the Profile type
  • On the Settings tab set Use security keys for sign-in to Enable
  • Click OK
  • Click Create


A new policy named Enable FIDO2 for Signin has been successfully created. The next step is to assign the policy to the security group of choice.

  • Click Assignments
  • In Assign to choose the group, then click Save.

Enable combined security information registration

The second step is to enable combined security information registration. The feature needs to be enabled from the Azure (AD) Portal.

  • Sign in to the Azure AD portal
  • Browse to Azure Active Directory – User settings
  • Click Manage user feature preview settings
  • Select All to switch on the features for all users
  • Click Save

Enable FIDO2 security keys as Authentication method

The third step is to enable FIDO2 security keys as Authentication method in Azure Active Directory.

  • In the Azure AD Portal browse to Azure Active Directory


  • Browse to Security – Authentication methods


  • Click FIDO2 Security Keys


  • Set ENABLE to Yes
  • Leave TARGET set to All or switch to Select users and select a security group
  • Click Save
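After the three steps above are done, the following added PowerShell check (not part of the original article) reads back the resulting state: the FIDO2 authentication method configuration from Microsoft Graph (step 3) and the device-side security key sign-in policy delivered by Intune (step 1). It assumes the Microsoft.Graph PowerShell SDK is installed, the admin can consent to Policy.Read.All, and that the Intune setting is written to the PassportForWork\SecurityKey registry key on the device; the registry location is an assumption.

```powershell
# Added verification script; not part of the original article.
# Assumes the Microsoft.Graph SDK and Policy.Read.All consent.

function Test-Fido2TenantPolicy {
    # Tenant side: what "FIDO2 Security Keys" under Security - Authentication methods now contains.
    Connect-MgGraph -Scopes 'Policy.Read.All' | Out-Null
    $uri = 'https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2'
    $cfg = Invoke-MgGraphRequest -Method GET -Uri $uri

    [pscustomobject]@{
        State               = $cfg.state                    # expect 'enabled' (ENABLE = Yes)
        # 'group:all_users' means TARGET = All; otherwise the group object IDs that were selected
        Targets             = ($cfg.includeTargets | ForEach-Object { "$($_.targetType):$($_.id)" }) -join ', '
        SelfServiceAllowed  = $cfg.isSelfServiceRegistrationAllowed
        AttestationEnforced = $cfg.isAttestationEnforced    # whether only attested keys may register
    }
}

function Test-Fido2DeviceSetting {
    # Device side: the UseSecurityKeyForSignin value that the Intune setting
    # "Use security keys for sign-in" is assumed to write (PassportForWork SecurityKey policy).
    $key   = 'HKLM:\SOFTWARE\Microsoft\Policies\PassportForWork\SecurityKey'
    $value = (Get-ItemProperty -Path $key -Name UseSecurityKeyForSignin -ErrorAction SilentlyContinue).UseSecurityKeyForSignin

    [pscustomobject]@{
        UseSecurityKeyForSignin = $value            # 1 = enabled; $null = policy not applied yet
        Applied                 = ($value -eq 1)
    }
}

Test-Fido2TenantPolicy  | Format-List
Test-Fido2DeviceSetting | Format-List
```

If the device check reports Applied = False on an enrolled device, sync the device in Intune before troubleshooting the profile assignment.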