How to enable FIDO2 passwordless authentication with Microsoft Azure AD for use with Windows 10-11

1. Add the user to the AD

  1. Sign in to the Azure portal.

  2. Go to Azure Active Directory → Users.

  1. Click New User, fill in the required fields.

  1. Click Create.

  • The new user will appear in the list and will be ready for login.

2. Enable Authentication Methods and FIDO2 Keys

  1. Sign in to the Azure portal with a Global Admin or Security Admin account.

  2. Go to Azure Active Directory → Security → Authentication methods.

  3. Select Passkey (FIDO2).

  1. Set Enable to Yes → Click Save.

  • A success notification will appear.

  1. (Recommended) Also, enable passwordless sign-in via the Microsoft Authenticator app.

Reference: Microsoft official instructions

3. Join a PC to Microsoft Entra ID (Azure AD)

  1. On the workstation, go to Settings → Accounts → Access work or school → Connect.

  2. Click Join this device to Microsoft Entra ID (Azure Active Directory).

  1. Enter the user’s Azure AD login and temporary password → set a new password.

  2. Click Join to confirm.

  3. Verify the new account appears in Settings.

    • You can now log in with the Azure AD password.

    • System may prompt you to set up MFA (e.g., via phone) and a Windows PIN.

  4. Click the "Join" button:

  1. Verify that the new account appears in Settings.

  • Users can now log in with their Azure AD account.

  • The system may require multi-factor authentication (MFA) and a Windows PIN.

4. Enable FIDO2 Logon Support on Windows

  1. Apply the provisioning package FIDO enable package.ppkg (7KB) to configure Windows for FIDO2 login.

    • Double-click the file, or

    • Go to Settings → Accounts → Access work or school → Add a provisioning package.

7KB
FIDO enable package.ppkg

This package configures Windows to allow FIDO2 security keys (such as Hideez Key) for passwordless login. Run it by double-clicking or applying via the “Access work or school” > “Add a provisioning package” option in Windows settings.

5. Register a Security Key in Microsoft Account

  1. Sign in at My Profile.

  2. Go to Security Info → add a phone number (required for MFA).

  1. Pair the Hideez Key with Windows.

  1. In Security Info, click Add Method → Security Key.

  1. Follow the prompts:

  • Insert or tap the security key.

  • Enter the PIN code of your security key when requested.

  • Press the button on the key (or tap NFC) to confirm.

  • Assign a name to the key.

  1. Confirm the key is listed among available authentication methods.

Now you can use unlock PC by Security Key scenario.

PreviousIs the Hideez Key allowed on planes?

Last updated

Was this helpful?