Hi Perumallapally, John Austeen,
Thank you for posting in the Q&A Forums.
Comments Off on Yubico 5c security key to log in to Windows 11 devices
Confirm Windows 11 support:
First, make sure your Windows 11 device supports logging in with a security key.Windows 11 natively supports FIDO2 security keys, but you may need to make sure your device has been updated to the latest version of Windows that supports this feature.
Check the security key configuration:
Ensure that the Yubico 5c security key has been properly registered to your Microsoft account and that the necessary settings have been made as required by Microsoft.
Check AD and Azure AD configuration:
Since your account sits on an AD (Entra ID) that has been added to the mix, check that Azure AD Connect or your identity synchronization solution is properly configured to support the security key. This may require administrator privileges to view and modify the relevant settings.
Check group policies and local policies:
Check if any group policies or local security policies prevent logging in with a security key. These policies may restrict certain users or devices from using the security key.
Check the event log:
Check the relevant entries in the Windows event logs, especially those related to security, logon, and authentication, for more detailed information about logon failures.
Contact Support:
If none of the above steps resolves the issue, it is recommended to contact Microsoft Support or your IT support team for more specialized assistance.
About bulk changes to device UPNs in AD domains
Assess the need:
Before making any bulk changes, make sure you fully understand the impact of changing the UPN and assess whether this is the best way to resolve the issue.
Use PowerShell scripts:
You can use PowerShell scripts to make bulk changes to the UPNs of devices in an AD domain. this typically involves querying AD for a list of devices that need to be changed and then updating their UPNs with the appropriate commands.
Consider using a third-party tool:
There are also third-party tools on the market that can help you manage devices in an AD domain in bulk, including changing UPNs. these tools may offer a more user-friendly interface and more robust features.
Develop a rollback plan:
Before making bulk changes, make sure you have a detailed rollback plan in place so that you can recover quickly if something goes wrong.
Execute changes and validate:
After executing bulk changes, be sure to verify that the changes were made as expected and check for any unintended side effects.
Notify users:
If the change affects user logins or other aspects, make sure that users are notified in a timely manner and provided with the necessary support and guidance.
Best regards
NeuviJ
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.