Passwordless authentication - Azure AD joined shared workstations

Docs Forum User 6 Reputation points
2020-02-20T15:55:11.177+00:00

Hello,

I've read and watched a few videos on passwordless Azure AD authentication using FIDO2 keys and am wondering if I can leverage this technology in my environment. I have several hundred shared workstations, and our users might use any one of them at any time. Can I purchase supported FIDO2 keys for each of my users, then have them register their assigned key on the combined registration experience site and choose a PIN, and then they'll have access to log into any one of the shared workstations at any time using that key and the PIN they chose?

Thank you

Microsoft Entra ID

2 answers

  1. Saurabh Sharma 23,661 Reputation points Microsoft Employee
    2020-02-21T21:12:16.967+00:00

    Yes, you can enable your users to sign in to Azure AD using FIDO2 security keys (like YubiKeys and Feitian); however, FIDO2 security keys are a public preview feature for Azure Active Directory (not recommended for production use until the feature goes GA) and currently support Azure AD joined PCs only. Please refer to the documentation for details. Refer to document - Enable passwordless security key sign-in (preview)

  2. Docs Forum User 6 Reputation points
    2020-02-21T21:20:59.427+00:00

    Oh fantastic, thank you for your reply. One more question: will I be able to make it mandatory that the users must use their FIDO2 key + PIN (MFA) at the Windows login screen on all our computers, and have no option to just use their Azure AD account password (no MFA) instead?