Hi @Jon Kilner
Thank you for posting your issue on Microsoft Q&A.
I understand that you are trying to set up MFA for the break-glass accounts, setup the YubiKey. You are told that accounts first need to setup an alternative MFA method before the key can be enrolled.
Yes, you need to Sign in with multifactor authentication (MFA) before adding a passkey, if you don't have at least one MFA method registered, you must add one. If not, there would be no way to verify the identity of the user attempting to enroll the YubiKey.
To setup passkey it is mandatory to sign in with multi factor authentication.
Enabling more than one MFA method so that users have a backup method available in case their primary method is unavailable. Having an existing MFA method provides a security layer to protect the account during the YubiKey enrollment process.
Hope this helps. Do let us know if you have any further queries.
If this answers your query, do click `Accept Answer`
and `Yes`
.
Thanks,
B. Siri Chandana.