![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 7.000000000000001%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBT%3C/text%3E%3C/svg%3E)
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
11,360 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 62%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDZ%3C/text%3E%3C/svg%3E)
Hello Beni Tóth,
Thank you for posting in Q&A forum.
The “Security Key” section in Windows’ Sign‐in Options (usually seen in Windows 10/11) is always present as part of the Windows Hello suite—even if you aren’t using one. In most cases, if you haven’t registered a security key, you won’t be using that method to sign in.
However, if you want to remove or block the functionality entirely (for example, in an organization or if you don’t want anyone using a security key), here is the suggestion for your reference:
1. Remove a Registered Security Key (For Individual Users)
If you’d registered a security key and just want to remove it so that it’s no longer available as an option, you can do the following:
1.Open Settings.
2.Navigate to Accounts > Sign‑in options.
3.In the “Security Key” section, click on “Manage” (or “Remove,” if available).
4.Follow the prompts to deregister or remove the key.
5.Note that once removed, you simply aren’t using that method—but the “Security Key” entry will still appear in Settings.
2. Remove or Hide the Security Key Option (For Administrators/Enterprise)
If you want to “disable” or hide the option entirely so that end users don’t see or use it, you’ll need a policy-based solution. There are two common methods:
Group Policy
In environments using an Active Directory Group Policy, you can restrict Windows Hello features. Although Microsoft does not currently offer a single “disable Security Key” policy, you can disable Windows Hello for Business entirely. This, however, also disables other Windows Hello options (like facial recognition or PIN), so check if it suits your organization’s policies.
Azure AD (for Azure-enrolled/Cloud-Managed devices)
If your organization uses Azure AD, you can disable FIDO2 Security Key authentication through the Azure Portal. In Azure AD, under “Security” → “Authentication methods,” you can control which methods are available for users. By turning off support for FIDO2 security keys there, users won’t be able to register or use them—even though the Settings page may still show the option, it won’t be functional.
Allow or block specific FIDO2 security keys in Azure
Here is a similar thread for your reference.
Other references
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.