Hey everyone! I'm currently testing out Windows Hello for Business (WHfB) in our environment, and I've got it working well with a PIN. However, I'm curious if I can use my YubiKey for login instead. I've read mixed information about this—some say it's possible while others suggest otherwise, which is confusing. During enrollment, I was able to sign in with my YubiKey, but it seems like I can't actually use it for regular computer logins. I want all users to be able to utilize their YubiKeys daily to prevent them from forgetting or losing them, but I'm starting to wonder if I've misunderstood something here. Is it even possible to use YubiKeys with WHfB, or am I missing something?
1 Answer
If you've already got Windows Hello for Business working, you might not really need the YubiKeys. WHfB is FIDO2 certified and offers strong phishing resistance while being super convenient. Just stick to WHfB, it's pretty solid!
But I want to roll out YubiKeys for all users to enhance the security of our 365 accounts. If they're only using the YubiKey when setting up a new device, they might forget about it entirely. What's the point if they have to have multiple methods for MFA anyway?