Enabling passwordless authentication
To enable passwordless authentication, you have to go to the Microsoft Entra admin center. Then, follow these steps:
- Go to Protection.
- Open Authentication methods.
- In the Manage menu, select Authentication methods.
Figure 13.37: Authentication methods
Figure 13.38: Authentication methods – Policies
- Enable the settings for (at least) sign-in and strong authentication.
Figure 13.39: FIDO2 Enable and Target
Figure 13.40: FIDO2 security key configuration
You can also use a key restriction policy to specify what FIDO2 keys your end users can leverage in your tenant, by entering an allow or block list of devices with an Authenticator Attestation GUID (AAGUID).
The FIDO2 specification requires each security...