Yubikey shows in Azure 2FA methods as "Passkey (other device-bound)"

Question

Dear all,

• We have a user who has been assigned a Yubikey for 2FA logging into Windows / Active Directory domain
• I use this url to audit the 2FA methods used by our users:

Authentication methods - Microsoft Azure

• The 2FA method listed in the audit results for this user is:

Passkey (other device-bound)

• I humbly find that surprising for a Yubikey
• I comment so since I'd have expected the Yubikey to be listed as: "FIDO2 Security Key" (since FIDO2 Security Key is listed as a filterable method at the above url)
• Can someone guide me please to what I am mis-understanding?

Thanks for any help.

Regards,

Steve

Answer 1

Hi SteveCRF ,

As of this month (January 2024), the term "passkey" has started displaying for Windows Hello and FIDO2 security keys. This is documented in the announcement for changes to FIDO2 authentication methods and Windows Hello for Business. Passkey (other device-bound) will appear in the Auth Usage & Insights (Opens in new window or tab) blade and in Graph API. https://learn.microsoft.com/en-us/entra/fundamentals/whats-new#public-preview---changes-to-fido2-authentication-methods-and-windows-hello-for-business The documentation says, "The existing end user sign-in option for Windows Hello and FIDO2 security keys will be renamed to “Face, fingerprint, PIN, or security key”. The term “passkey” will be mentioned in the updated sign-in experience to be inclusive of passkey credentials presented from security keys, computers, and mobile devices."

Let me know if this helps and if you have further questions.

If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions.