To enable the security keys as a sign-in option for Windows 10 devices, we have the system administrator has to use Microsoft Intune. In Intune, there There are two options:
(1) for all users - a tenant wide Windows Hello for Business setting for all users
...
- Click Create profile
- Give the policy a Name, e.g. "Enable FIDO 2 for Signin"
- Enter a Description Description for the policy (optional)
- Choose Windows 10 and later as the Platform
- Choose Identity protection as the Profile type
- On the Settings tab set Use security keys for sign-in to Enable
- Click OK
- Click Create
...
A new policy Enable FIDO2 for Signin has been successfully created. The next step is to assign
...
the policy
...
to the security group of choice
- Click Assignments
- In Assign to choose the group, then click Save.
Enable combined security information registration
...