Passwordless authentication - Azure AD joined shared workstations

Docs Forum User 6 Reputation points


I've read and watched a few videos on passwordless Azure AD authentication using FIDO2 keys and am wondering if can leverage this technology in my environment. I have several hundred shared workstations, and our users might use any one of them at any time. Can I purchase supported FIDO2 keys for each of my users, then have them register their assigned key on the combined registration experience site and choose a PIN, and then they'll have access to log into any one of the shared workstations at any time using that key and the PIN they chose?

Thank you

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,765 questions
0 comments No comments
{count} vote

2 answers

Sort by: Most helpful
  1. Saurabh Sharma 17,366 Reputation points Microsoft Employee

    Yes, you can enable your users to be able to sign in to Azure AD using FIDO2 security keys (like YubiKeys and Feitan) however, FIDO2 security keys is a public preview feature for Azure Active Directory (not recommended for production use until the feature goes GA) and currently supports Azure AD Joined PC's only. Please refer to the documentation for details. Refer to document - Enable passwordless security key sign-in (preview)

    0 comments No comments

  2. Docs Forum User 6 Reputation points

    oh fantastic, thank you for your reply. One more question, will I be able to make it mandatory that the users must use their FIDO2 key + PIN (MFA) at the Windows login screen on all our computers, and have no option to just use their Azure AD account password (no MFA) instead?