Become a Microsoft-compatible FIDO2 security key vendor

Most hacking related breaches use either stolen or weak passwords. Often, IT enforce stronger password complexity or frequent password changes to reduce the risk of a security incident. However, this increases help desk costs and leads to poor user experiences as users are required to memorize or store new, complex passwords.

FIDO2 security keys offer an alternative. FIDO2 security keys can replace weak credentials with strong hardware-backed public/private-key credentials that can't be reused, replayed, or shared across services. Security keys support shared device scenarios, allowing you to carry your credential with you and safely authenticate to an Azure Active Directory joined Windows 10 device that’s part of your organization.

Microsoft partners with FIDO2 security key vendors to ensure that security devices work on Windows, the Microsoft Edge browser, and online Microsoft accounts. FIDO2 security keys enable strong password-less authentication.

You can become a Microsoft-compatible FIDO2 security key vendor through the following process. Microsoft doesn't commit to do go-to-market activities with the partner and evaluates partner priority based on customer demand.

  1. First, your authenticator needs to have a FIDO2 certification. We aren't able to work with providers who don't have a FIDO2 certification. To learn more about the certification, visit the FIDO Alliance Certification Overview website.
  2. After you have a FIDO2 certification, submit a request form to become a Microsoft-compatible FIDO2 security key vendor. Our engineering team only confirms the features supported by your FIDO2 devices. We don't retest features already tested as part of the FIDO2 certification and don't evaluate the security of your solutions. The process usually takes a few weeks to complete.
  3. After the engineering team successfully confirmed the feature list, we'll confirm vendor's device is listed in the FIDO Alliance Metadata Service.
  4. Microsoft adds your FIDO2 Security Key on Azure Active Directory backend and to our list of approved FIDO2 vendors.

Current partners

The following table lists partners who are Microsoft-compatible FIDO2 security key vendors.

Provider Biometric USB NFC BLE FIPS Certified Contact
AuthenTrend y y y y n
Ciright n n y n n
Crayonic y n y y n
Ensurity y y n n n
Excelsecu y y y y n
Feitian y y y y y
Fortinet n y n n n
Giesecke + Devrient (G+D) y y y y n
GoTrustID Inc. n y y y n
HID n y y n n
Hypersecu n y n n n
Hypr y y n y n
Identiv n y y n n
IDmelon Technologies Inc. y y y y n
Kensington y y n n n
KONA I y n y y n
Movenda y n y y n
NeoWave n y y n n
Nymi y n y n n
Octatco y y n n n
OneSpan Inc. n y n y n
Swissbit n y y n n
Thales Group n y y n y
Thetis y y y y n
Token2 Switzerland y y y n n
Token Ring y n y n n
TrustKey Solutions y y n n n
VinCSS n y n n n
WiSECURE Technologies n y n n n
Yubico y y y n y

Next steps

FIDO2 Compatibility