How to fix "Getting ready" timeout YubiKey Bio with AzureAD joined Windows 11 Enterprise

Matthijs Vogel 5 Reputation points
2023-03-06T11:10:46.7866667+00:00

Hi all,

We've been experimenting with true passwordless authentication for our workstations, and have an issue that is not described anywhere online that we can find.

Our setup is as follows:

Windows 11 Enterprise system (which is AzureAD joined via the user that is logged in)

User that is AD Azure enrolled

YubiKey Bio

The process:

  • Configure PIN + fingerprint via Windows Sign-in options (security key)
  • Add key to the user account via https://mysignins.microsoft.com/
  • Lock the system, insert the key, it recognizes the key, asks for the fingerprint, accepts it -> now the issue occurs;
  • It enters a process where it says "Getting ready" -> and has a timeout after 30s which resets the login screen to normal.

The issue does not give any explicit errors, nor can we find obvious things in the Windows Event Logs.

We already tried tens of possible combinations of the process, setting up the key via Chrome instead of Windows Hello, only adding it to M365 online, etc. -> none of it has worked thus far.

We are absolutely sure FIDO is enabled in Azure for the user, and we also have an Intune policy in place to change the required registry key (this is also confirmed on the system itself).

We're also in conversation with Yubico about this issue.

  1. Limitless Technology 44,751 Reputation points
    2023-03-07T15:23:58.4633333+00:00

    Hello there,

    You can check the latest known issues in FIDO2 security keys in Azure AD and see if you can find the issue. If not, it is suggested to use the feedback app to report the issue.

    This article covers frequently asked questions for hybrid Azure AD joined devices and passwordless sign-in to on-prem resources. With this passwordless feature, you can enable Azure AD authentication on Windows 10 devices for hybrid Azure AD joined devices using FIDO2 security keys.

    Troubleshooting for hybrid deployments of FIDO2 security keys in Azure AD: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-troubleshoot

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer–
