I briefly disabled the Security -> Authentication Methods -> Passkey (FIDO2) policy to test something. Since turning it back on, I can't complete login and setup for new user accounts. I'm creating a test account with the Global Administrator role, then attempting to log in. I get past the password page and am asked to set up the Authenticator app, which all works. Then I'm prompted to create a passkey and nothing works. I get an error in the user logs: "User failed to register Passkey". The UI shows: "Passkey not registered. We were unable to register the passkey you attempted to add. Please Try again."
Policy settings are:
I have tried Windows Hello (fingerprint) as well as adding a passkey to Authenticator. Neither works. I can't add any new admin accounts because of this and I don't know how to fix it.
This is what works for me:
More info:
https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-enable-passkey-fido2
Hello @David Wheat,
Thank you for reaching out to Microsoft Q&A.
We understand that you are experiencing the below error when you are trying to register Passkeys: "Passkey not registered. We were unable to register the passkey you attempted to add. Please Try again."
Hope the above suggestions by @Andy David - MVP worked for you.
In addition to that, could you please change Enforce Attestation = No and check if you are able to register the passkeys?
There are a few other scenarios where this error may occur: if the provider used is not Microsoft Authenticator or Windows Hello, as Microsoft Entra ID currently supports device-bound passkeys stored on FIDO2 security keys and in Microsoft Authenticator. Ensure that you have added Authenticator as a passkey provider and have also tried to register the passkey from the Security info page, as suggested in the document below. https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-register-passkey-authenticator?tabs=iOS
Also, check whether you have enabled the Authenticator app as a passkey provider in the "Personal" profile. If yes, click on the "Work" tab, enable Authenticator as a passkey provider there, and try again.
Hope this helps. Do let us know if you have any further queries.
Thanks & Best Regards
Janaki Kota
Hello,
We've got the same error when creating passkeys with either Authenticator or Windows Hello.
Thanks for the described solutions.
This problem is gone anyway, as soon as the Passkeys go GA and no key restrictions are necessary anymore, correct?
Regards,
Thomas
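A check for the two settings raised in this thread (Enforce Attestation and key restrictions), as an added example that is not part of any post above. It inspects a FIDO2 policy object in the shape Microsoft Graph returns for the Fido2 authentication method configuration and lists the settings worth reviewing when registration is rejected. The sample policy is constructed, the function name is hypothetical, and the Authenticator AAGUIDs are an assumption to confirm against the linked Microsoft documentation.

```python
import json

# Microsoft Authenticator AAGUIDs. Assumption: confirm these against the
# Microsoft passkey documentation linked in the thread before relying on them.
AUTHENTICATOR_AAGUIDS = {
    "de1e552d-db1d-4423-a619-566b625cdc84",  # Authenticator for Android
    "90a3ccdf-635c-4729-a248-9b709135078f",  # Authenticator for iOS
}


def registration_blockers(policy, needed=AUTHENTICATOR_AAGUIDS):
    """Return the policy settings to review when passkey registration fails."""
    findings = []
    if policy.get("state") != "enabled":
        findings.append("method-disabled")
    if not policy.get("isSelfServiceRegistrationAllowed", False):
        findings.append("self-service-registration-off")
    # The setting the support reply asks to switch to "No" as a test.
    if policy.get("isAttestationEnforced", False):
        findings.append("attestation-enforced")
    restrictions = policy.get("keyRestrictions") or {}
    if restrictions.get("isEnforced"):
        listed = {g.lower() for g in restrictions.get("aaGuids", [])}
        kind = (restrictions.get("enforcementType") or "").lower()
        # An allow list must name every provider the users register with.
        if kind == "allow" and not needed <= listed:
            findings.append("allow-list-missing-authenticator")
        if kind == "block" and needed & listed:
            findings.append("block-list-contains-authenticator")
    return findings


# Constructed sample policy (not taken from the thread): attestation is
# enforced and the allow list holds only a placeholder AAGUID.
SAMPLE = json.loads("""
{
  "id": "Fido2",
  "state": "enabled",
  "isSelfServiceRegistrationAllowed": true,
  "isAttestationEnforced": true,
  "keyRestrictions": {
    "isEnforced": true,
    "enforcementType": "allow",
    "aaGuids": ["00000000-0000-0000-0000-000000000001"]
  }
}
""")

if __name__ == "__main__":
    print(registration_blockers(SAMPLE))
```
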