How to register a FIDO2/U2F key for Micro$0ft o365 Users

User registration and management of FIDO2 security keys

1. Browse to https://myprofile.microsoft.com.
2. Sign in if not already.
3. Click Security Info.
   1. If the user already has at least one Azure AD Multi-Factor Authentication method registered, they can immediately register a FIDO2 security key.
   2. If they don’t have at least one Azure AD Multi-Factor Authentication method registered, they must add one.
   3. A Administrator can issue a Temporary Access Pass to allow the user to register a Passwordless authentication method.
4. Add a FIDO2 Security key by clicking Add sign-in method and choosing Security key.
5. Choose USB device or NFC device.
6. Have your key ready and choose Next.
7. A box will appear and ask the user to create/enter a PIN for your security key, then perform the required gesture for the key, either biometric or touch.
8. The user will be returned to the combined registration experience and asked to provide a meaningful name for the key to identify it easily. Click Next.
9. Click Done to complete the process.

Sign in with passwordless credential

In the example below a user has already provisioned their FIDO2 security key. The user can choose to sign in on the web with their FIDO2 security key inside of a supported browser (such as Chrome) on Windows 10 version 1903 or higher.

Once entered, the user may be prompted for their PIN, they should enter their PIN and click “Next“. The use should then perform the gesture (press the button) for the key or bio-metric device.