What you’ll need:
- Enabled FIDO2 authentication in your Azure AD tenant, preferably by following my previous tutorial.
- A valid Intune license.
- A valid Azure AD user account which is FIDO2-enabled and licensed for Intune.
- A valid Azure AD user account with Global Administrator privileges.
- Windows 10 version 1903 or higher, which is enrolled in Intune.
Note! If you don’t use Intune, you can also use a provisioning package to enable FIDO2-based passwordless authentication in Windows 10 version 1903. Check the official documentation.
- Sign in to the Azure Portal (portal.azure.com) and go to the Intune blade.
- Navigate to Manage > All devices and make sure your Win10 device is enrolled in Intune and compliant, as shown below. If it’s not, you’ll need to enroll your device in Intune first.
- From the Intune blade, navigate to Device configuration. Then click Profiles.
Create a new profile by clicking + Create profile.
- Give it a name and a clear description. Make sure to configure the following settings:
Platform: Windows 10 and later
Profile type: Custom
Then, click Settings and Add.
- Make sure to complete the form with the following settings:
Name and description: FIDO2 for Windows Sign-In (or comparable description)
Data type: Integer
- Save the properties and go to Assignments. Set the assignment scope to the desired group of people or devices on which you would like to enable this feature.
In my case, I’ve assigned the profile to all users & all devices since I’m using a demo tenant.
Don’t forget to click Save.
- Make sure your Windows 10 device is powered on. You can monitor the assignment progress by switching to the Device status panel. Take a look at the Deployment status column.
At first, you will find the status is Pending. After a few minutes it should switch to Succeeded automatically.
- You’re now ready to test the sign-in process. A new button (a USB key, as shown below) should appear.
- That’s it, you’re done 🙂
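If the security key button does not appear even though the Deployment status is Succeeded, you can check the device itself. The script below is an added example, not part of the original tutorial: it checks the OS build (1903 is build 18362), reports the Azure AD join state, and reads the policy value from the registry. The registry path and value name are assumptions about where this policy lands on the device, and `Test-Fido2SignInReadiness` is a hypothetical helper name.

```powershell
# Added verification example; run in an elevated PowerShell session on the enrolled device.
# Assumption: the security key sign-in policy is written to this registry location.
$PolicyPath  = 'HKLM:\SOFTWARE\Microsoft\Policies\PassportForWork\SecurityKey'
$PolicyValue = 'UseSecurityKeyForSignin'
$MinBuild    = 18362   # Windows 10 version 1903

function Test-Fido2SignInReadiness {
    $results = [ordered]@{}

    # 1. The OS must be Windows 10 version 1903 (build 18362) or higher.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $results['OsBuild']   = $build
    $results['OsBuildOk'] = $build -ge $MinBuild

    # 2. Join state as reported by dsregcmd (informational only).
    $dsreg = (& dsregcmd.exe /status) -join "`n"
    $results['AzureAdJoined'] = $dsreg -match 'AzureAdJoined\s*:\s*YES'

    # 3. Policy value delivered by the Intune profile (or a provisioning package).
    $value = $null
    if (Test-Path $PolicyPath) {
        $item  = Get-ItemProperty -Path $PolicyPath -Name $PolicyValue -ErrorAction SilentlyContinue
        $value = $item.$PolicyValue
    }
    $results['PolicyPresent'] = $null -ne $value
    $results['PolicyEnabled'] = $value -eq 1

    [pscustomobject]$results
}

$state = Test-Fido2SignInReadiness
$state | Format-List

# Fail loudly when the build is too old or the policy has not arrived yet.
if (-not ($state.OsBuildOk -and $state.PolicyEnabled)) {
    Write-Warning 'Security key sign-in is not enabled on this device. Check the profile Deployment status in Intune and sync the device.'
    exit 1
}
```

A `PolicyPresent` of `False` with a Succeeded deployment usually means the device has not synced yet; trigger a sync and run the check again.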
I hope you’ve enjoyed my tutorial and I would like to know if it was helpful for you.
Feedback and suggestions are always very welcome. Have a nice day!