# How to enable FIDO2 passwordless authentication with Microsoft Azure AD for use with Windows 10-11
### 1. Add the user to the AD
1. Sign in to the [Azure portal](https://portal.azure.com/).
2. Go to **Azure Active Directory → Users**.
3. Click **New User**, fill in the required fields.
4. Click **Create**.
* The new user will appear in the list and will be ready for login.
### 2. Enable Authentication Methods and FIDO2 Keys
1. Sign in to the [Azure portal](https://portal.azure.com/) with a **Global Admin** or **Security Admin** account.
2. Go to **Azure Active Directory → Security → Authentication methods**.
3. Select **Passkey (FIDO2)**.
4. Set **Enable** to **Yes** → Click **Save**.
* A success notification will appear.
5. (Recommended) Also, enable passwordless sign-in via the **Microsoft Authenticator app**.
*Reference:* [*Microsoft official instructions*](https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key-windows#enable-security-keys-for-windows-sign-in)
### 3. Join a PC to Microsoft Entra ID (Azure AD)
1. On the workstation, go to **Settings → Accounts → Access work or school → Connect**.
2. Click **Join this device to Microsoft Entra ID (Azure Active Directory)**.
3. Enter the user’s Azure AD login and temporary password → set a new password.
4. Click **Join** to confirm.
5. Verify the new account appears in **Settings**.
* You can now log in with the Azure AD password.
* System may prompt you to set up MFA (e.g., via phone) and a Windows PIN.
6. Click the "Join" button:
7. Verify that the new account appears in **Settings**.
* Users can now log in with their Azure AD account.
* The system may require **multi-factor authentication (MFA)** and a **Windows PIN**.
### 4. Enable FIDO2 Logon Support on Windows
1. Apply the provisioning package **FIDO enable package.ppkg (7KB)** to configure Windows for FIDO2 login.
* Double-click the file, **or**
* Go to **Settings → Accounts → Access work or school → Add a provisioning package**.
{% file src="" %}
{% hint style="info" %}
This package configures Windows to allow FIDO2 security keys (such as Hideez Key) for passwordless login. Run it by double-clicking or applying via the “Access work or school” > “Add a provisioning package” option in Windows settings.
{% endhint %}
### 5. Register a Security Key in Microsoft Account
1. Sign in at [My Profile](https://myprofile.microsoft.com/).
2. Go to **Security Info** → add a phone number (required for MFA).
3. Pair the **Hideez Key** with Windows.
{% embed url="" %}
4. In **Security Info**, click **Add Method → Security Key**.
5. Follow the prompts:
* Insert or tap the security key.
* Enter the **PIN code** of your security key when requested.
* **Press the button** on the key (or tap NFC) to confirm.
* Assign a name to the key.
6. Confirm the key is listed among available authentication methods.
Now you can use [unlock PC by Security Key scenario](https://enterprise.hideez.com/use-cases/fido-security-key/unlock-pc-by-security-key).
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://enterprise.hideez.com/faq/hideez-key/how-to-enable-fido2-passwordless-authentication-with-microsoft-azure-ad-for-use-with-windows-10.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
