This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 87%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVB%3C/text%3E%3C/svg%3E)
Hello,
I have configured FIDO2 as the only sign-in method for my tenant. It is also enforced through CA policies as phishing resistant MFA. Our FIDO2 keys are NFC compatible.
The NFC experience from an Iphone is similar to the browser and works great: You click on "Sign-in options", choose security key, activate the key, enter PIN, activate the key again and you are in.
The NFC Experience for Android users is a bit different: users are immediately prompted with "No Passkeys Available" when trying to sign - in to o365 through the browser (see attached). Users are also not able to sign in to Teams / Outlook apps on their android phone.
It seems like the policies are not recognizable on the devices. Please point me in a right direction.
Thanks
I dont think alot of that is supported with Android yet:
https://learn.microsoft.com/en-us/entra/identity/authentication/concept-fido2-compatibility
Thank you for the response. Is it fair to assume that my other FIDO2 sign-in experience option would be through the passkeys stored in Microsoft Authenticator? https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-enable-authenticator-passkey
yes, now thats in preview you can test - however since you have already enabled FIDO keys , you may not see that authenticator option until it goes GA.
I was actually able to use FIDO2 security key on Android phone as a USB device to sign-in in the browser, it's just not NFC compatible. I, however, cannot sign - in to outlook / teams apps with the FIDO2 key. Will enabling FIDO2 passkey in Authenticator solve this problem?
well, in theory yes, however .. If you have already enabled FIDO keys in Azure, you probably wont have the ability to enable it for Authenticator till it goes GA
I checked FIDO2 policy, and I have the option to enable it, so I assume it'll work? I'll test it and respond to this thread with the results.
AH cool. Lucky you then! Yes, test and let us know.
To clarify - according to this doc: https://support.microsoft.com/en-us/account-billing/signing-in-with-a-passkey-09a49a86-ca47-406c-8acc-ed0e3c852c6d
"Creating a passkey" section step 3 asks to select "Passkey or Passkey in Microsoft Authenticator as a sign-in option but it's not available for me. Here's all of my available sign-in options:
How do I process here?