![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 19%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMI%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
A single FIDO2 security key can be used on multiple devices, but it must be registered for the specific Microsoft account and scenario where it is used. The key itself is reusable; the registration and configuration are per account and per service.
Key points relevant to this scenario:
- FIDO2 keys are tied to accounts, not devices
- A FIDO2 security key can be registered to multiple accounts and used across different supported devices and browsers.
- For Microsoft work/school accounts, the key must be registered as a verification method for that account, and the admin must have enabled FIDO2/passwordless sign-in.
- For Microsoft accounts (consumer), the key must be added via the account’s security settings before it can be used to sign in on any device.
- Device and configuration requirements
- To use a FIDO2 key for Windows sign-in (for example, on Surface Pro or another PC), the device must meet the Windows and Microsoft Entra (if work/school) requirements and be configured for FIDO2 sign-in.
- For Windows sign-in with FIDO2 keys in an Entra environment, Windows 10 version 1809 or later is required, with best experience on 1903 or higher, and devices must be properly joined and configured for passwordless security key sign-in.
- Using the same key on another PC
- If the PC is not configured for FIDO2 sign-in (for example, no FIDO2 security key sign-in method enabled, or not meeting the Entra/Windows requirements), the key will not be accepted for Windows logon.
- For web sign-in (such as MSN via browser), the Microsoft account must have the FIDO2 security key registered as a sign-in method. If that registration is not completed, MSN will not allow using the key for sign-in or for setting up 2FA.
- Managing and using the key
- On Windows 10, security key management is done via Settings > Accounts > Sign-in options > Security Key > Manage, where PIN/biometrics can be set or changed.
- For work/school accounts, the key must be registered as a verification method after the admin has enabled FIDO2 security keys and the device/browser requirements are met.
In practice, to use the same FIDO2 key on both Surface Pro and PC for the same Microsoft account:
- Ensure the Microsoft account has the FIDO2 key registered as a sign-in method in its security settings.
- Ensure each Windows device is configured and supported for FIDO2 security key sign-in if using it at the Windows logon screen.
- Use a supported browser and OS version when signing in to MSN or other Microsoft services with the key.
References:
- Sign in to your account with a security key
- Set up a security key as your verification method
- Enable FIDO2 security key sign-in to Windows 10 and 11 devices with Microsoft Entra ID
- Deployment frequently asked questions (FAQs) for hybrid FIDO2 security keys in Microsoft Entra ID
- Windows 365 Link sign-in methods