Hey everyone, I'm running into an issue with the MFA (Multi-Factor Authentication) rollout for Microsoft 365 and I'm hoping someone here can help. We bought a few FIDO2 security keys a month ago for testing, and during that time, using a Security Key was available as an option in the Initial Setup wizard right after you log in with your Microsoft ID and password. Now, however, it seems like only the options for Authenticator, Hardware Token, and Phone Number are showing up during the initial setup.
What happened? Did Microsoft change their approach? Is there any way to enable the Security Key option at this stage? I've looked through the Admin Console but can't find any settings that would allow this. It's also worth mentioning that although I can complete setup with the Authenticator, then go to the Security page and add the Security Key afterward, it's not practical since we wanted to keep our deployment as hands-off as possible.
1 Answer
You can customize which MFA methods are available for your organization! Make sure to check the settings in Entra under Authentication methods - Policies. That should give you control over enabling Security Keys if they are already allowed in your organization.
Here’s a link to the documentation: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods-manage
Thanks for the info! We've already set FIDO2 Security Keys as an allowed option, and they work fine. The issue is that they're not showing up during the initial MFA setup anymore. The interface has changed, and we're down to just Authenticator, Hardware Token, and Phone Number now.
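To confirm what the Authentication methods policy mentioned in the answer actually permits for a given user, the following is an added example (not part of the original thread) that audits an exported policy for the FIDO2 method's state, self-service registration flag, and group targeting. It assumes the export uses the field names of the Microsoft Graph authenticationMethodsPolicy resource; the sample policy and group ids are constructed, and the check covers policy only, not which methods the setup wizard offers.

```python
import json

# Constructed sample shaped like a Microsoft Graph authenticationMethodsPolicy
# export (assumption: field names match your tenant's export; ids are made up).
SAMPLE_POLICY = json.loads("""
{
  "authenticationMethodConfigurations": [
    {"id": "MicrosoftAuthenticator", "state": "enabled",
     "includeTargets": [{"targetType": "group", "id": "all_users"}],
     "excludeTargets": []},
    {"id": "Fido2", "state": "enabled",
     "isSelfServiceRegistrationAllowed": true,
     "includeTargets": [{"targetType": "group", "id": "pilot-group-id"}],
     "excludeTargets": [{"targetType": "group", "id": "contractors-group-id"}]}
  ]
}
""")


def fido2_findings(policy, user_groups):
    """Return the policy reasons a user in user_groups cannot register a FIDO2 key."""
    cfg = next((c for c in policy.get("authenticationMethodConfigurations", [])
                if c.get("id", "").lower() == "fido2"), None)
    if cfg is None:
        return ["no Fido2 configuration in policy"]
    findings = []
    if cfg.get("state") != "enabled":
        findings.append("Fido2 method state is not 'enabled'")
    if not cfg.get("isSelfServiceRegistrationAllowed", False):
        findings.append("self-service registration is not allowed")
    included = {t["id"] for t in cfg.get("includeTargets", [])}
    excluded = {t["id"] for t in cfg.get("excludeTargets", [])}
    # "all_users" is the target id that covers every user in the tenant.
    if "all_users" not in included and not (included & user_groups):
        findings.append("user is in no included target group")
    if excluded & user_groups:
        findings.append("user is in an excluded target group")
    return findings


if __name__ == "__main__":
    for groups in ({"pilot-group-id"}, {"sales-group-id"}):
        result = fido2_findings(SAMPLE_POLICY, groups)
        print(sorted(groups), result or "FIDO2 allowed by policy")
```

An empty result means the policy itself is not what blocks the key, which matches the situation described in the follow-up comment.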