Azure AD requires the security keys to be protected with a PIN code. The PIN can be set during the enrollment process, or changed later if needed.
To change the PIN or reset a FIDO2 security key, launch the Windows Sign-in options
Click Security Key
Click the Manage button
Insert your FIDO2 security key
Touch the key
Please note:
1 - If you reset a security key then you will have to re-enroll the key again (as a new FIDO2 security key)
2 - As per Microsoft's requirement "FIDO2 reset commands are only valid in the first 10 seconds of one power cycle", unfortunately this is not made clear to end-users in the UI of the current Windows 10. So, if during the reset operation you get an error below, please redo the operation and try to complete the reset within 10 seconds after you plugged the key to USB.
