Just a quick post how it looks like when you enroll a security key in the form of Yubikey from Yubico. I have a YubiKey 5, with support for USB-A and NFC, there are a multiple other key option depending on your needs, you should try their Quiz to find the right key for you: https://www.yubico.com/quiz
To get everything here to work you need to enable the authentication options in your tenant. There is a nice How-to guide for security key so I will not cover the pre-requirements here, just the end-user experience
When this is done browse this url: https://myprofile.microsoft.com and click Security info
You should get to a page looking like this, if you don’t, make sure you hit all requirements in your tenant and assign it to right users.
Click + Add method above the first sign-in method Phone
Press the security key that you have, USB or NFC device
I’m using the new excellent Edge chromium browser and it will ask me for some permission
Sorry for the Swedish here, but the important text is in English (strange mix of language here, but still in preview 🙂 )
So after inserting the key, it will ask me for a pin and then it will ask you to touch the key to check for physical presence.
Again it will ask for some permissions in Edge
And now you are back to the my profile and Security Info, it will ask you to name the security key and info you that everything was good!
So long so good, now the key is enrolled, but does it work? Lets try!
First I will logout from all sessions, close the browser and open a new fresh window and browse to my favorite site, https://devicemanagment.microsoft.com
The sign-in page show up, and now you have to press the option at the bottom “Sign in with a security key”
You will be redirected to a prompt from Windows, telling you to insert the security key
When the key is inserted, enter your pin code, press OK
and now time to touch the key again, to verify you are in front of the computer
In my case, I get an option to select what account to sign-in with. My key was previously enrolled with a personal MSA account and now a business account. So my key secures both the private and the business account now, really nice. So in this case I select my business account and then I’m redirected to my Device management Dashboard!
This is a really nice feature, just keep in mind to have a backup authentication method if you loose your YubiKey 🙂
What about you? Have you tried it out yet or are you testing?