How to enable FIDO2 passwordless authentication with Microsoft Azure AD for use with Windows 10-11

1. Add the user to the AD

  1. Sign in to the Azure portal.

  2. Go to Azure Active Directory → Users.

  3. Click New User, fill in the required fields.

  4. Click Create.

  • The new user will appear in the list and will be ready for login.

2. Enable Authentication Methods and FIDO2 Keys

  1. Sign in to the Azure portal with a Global Admin or Security Admin account.

  2. Go to Azure Active Directory → Security → Authentication methods.

  3. Select Passkey (FIDO2).

  4. Set Enable to Yes → Click Save.

  • A success notification will appear.

  5. (Recommended) Also, enable passwordless sign-in via the Microsoft Authenticator app.

Reference: Microsoft official instructions

3. Join a PC to Microsoft Entra ID (Azure AD)

  1. On the workstation, go to Settings → Accounts → Access work or school → Connect.

  2. Click Join this device to Microsoft Entra ID (Azure Active Directory).

  3. Enter the user’s Azure AD login and temporary password → set a new password.

  4. Click Join to confirm.

  5. Verify that the new account appears in Settings.

    • Users can now log in with their Azure AD password.

    • The system may prompt you to set up multi-factor authentication (MFA) (e.g., via phone) and a Windows PIN.

4. Enable FIDO2 Logon Support on Windows

  1. Apply the provisioning package FIDO enable package.ppkg (7KB) to configure Windows for FIDO2 login.

    • Double-click the file, or

    • Go to Settings → Accounts → Access work or school → Add a provisioning package.

This package configures Windows to allow FIDO2 security keys (such as Hideez Key) for passwordless login.
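A read-only check for steps 3 and 4, added here as an example (it is not part of the original guide): it reads the join state from dsregcmd /status and looks for the security key sign-in policy. The two registry locations are assumptions about what the provisioning package sets, since the guide does not list the package contents; the function names and the sample text are constructed for illustration.

```powershell
# Added example: verify Entra ID join state and security key sign-in policy.
# Read-only; it changes nothing on the workstation.

function Get-DsregValue {
    # Pull one "Name : Value" field out of dsregcmd /status text.
    param([string[]]$Text, [string]$Name)
    foreach ($line in $Text) {
        if ($line -match "^\s*$([regex]::Escape($Name))\s*:\s*(.+?)\s*$") {
            return $Matches[1]
        }
    }
    return $null
}

function Find-SecurityKeySignInPolicy {
    # Assumed locations (not stated on the page): the value written by the
    # MDM / provisioning-package policy, and the Group Policy equivalent.
    $candidates = @(
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Policies\PassportForWork\SecurityKey'
           Name = 'UseSecurityKeyForSignin' },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\FIDO'
           Name = 'EnableFIDODeviceLogon' }
    )
    foreach ($c in $candidates) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($item -and $item.($c.Name) -eq 1) { return "$($c.Path)\$($c.Name)" }
    }
    return $null   # policy not found: the security key tile will not be offered
}

# Constructed sample of dsregcmd output, used only when dsregcmd is unavailable.
$sample = @'
             AzureAdJoined : YES
              DomainJoined : NO
                TenantName : Example Tenant (constructed)
'@ -split "`r?`n"

$status = if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    dsregcmd.exe /status
} else { $sample }

$policy = Find-SecurityKeySignInPolicy
[pscustomobject]@{
    AzureAdJoined     = (Get-DsregValue -Text $status -Name 'AzureAdJoined') -eq 'YES'
    TenantName        = Get-DsregValue -Text $status -Name 'TenantName'
    SecurityKeySignIn = [bool]$policy
    PolicySource      = $policy
}
```

If AzureAdJoined is False, repeat step 3 before applying the package; if SecurityKeySignIn is False after step 4, the package did not apply or sets a different policy than assumed here.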

5. Register a Security Key in Microsoft Account

  1. Sign in at My Profile.

  2. Go to Security Info → add a phone number (required for MFA).

  3. Pair the Hideez Key with Windows.

  4. In Security Info, click Add Method → Security Key.

  5. Follow the prompts:

    • Insert or tap the security key.

    • Enter the PIN code of your security key when requested.

    • Press the button on the key (or tap NFC) to confirm.

    • Assign a name to the key.

  6. Confirm the key is listed among available authentication methods.

You can now unlock the PC with the security key.
