Cannot register FIDO2 Key

M.Kleemann 1 Reputation point
2022-11-03T16:29:16.847+00:00

Hello,

We enabled FIDO2 registration for our tenants. We tried it first with a YubiKey Bio - FIDO Edition, which works flawlessly with a TAP issued to the user, true passwordless as intended.
This key is not cheap, so we went for a $15 Token2 FIDO2 stick with only PIN authentication.

Link: https://www.token2.com/shop/product/token2-t2f2-typec-fido2-and-u2f-security-key

But I cannot enroll the stick in any tenant via https://aka.ms/securityinfo

The error is https://mysignins.microsoft.com/security-info#fidoProvisionError=InvalidCanary with an additional generic error message popping up: "sorry we ran into a problem"


The error appears on both tenants; both times it was tested with users for whom the YubiKey works just fine.

Has anyone had similar experiences or has a suggestion on how to fix this?

EDIT: Already disabled "Enforce attestation" in Azure AD

EDIT2: Checked Authentication methods | Registration and reset events; there is an event for FIDO2 registration which says "success". The key is not working nonetheless.

Regards


1 answer

  1. JimmySalian-2011 41,916 Reputation points
    2022-11-03T20:06:49.66+00:00

    Hi,

    Did you check this article and follow the steps? Do you enroll within 10 seconds after plugging in? As per the article: "Please note that as per Microsoft's requirement 'FIDO2 reset commands are only valid in the first 10 seconds of one power cycle'. While this is well documented in the FIDO2 manufacturer guide, this was not made evident for end-users in the UI of the current Windows 10 Control Panel. So, if during the reset operation you get an error, please redo the operation and try to complete the reset within 10 seconds after you plugged the key to USB."

    passwordless-authentication-in-azure-ad-with-token2-fido2-keys

    Hope this helps.
    JS

    ==
    Please Accept the answer if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.