I'm trying to figure out how to get the Fido security key to show up as an option when I run the command prompt as an administrator. We have a hybrid join setup, and the Fido key is already enrolled in Entra and works for logging into Windows. I've read that I should be able to use the Fido key instead of a Windows password in the security prompt, but nothing I've tried has worked. What am I missing?
3 Answers
Unfortunately, you can't use the Fido key directly for UAC prompts out of the box. It's different from Windows Hello. One alternative could be to try using a Yubikey in PIV mode, but it could be a bit complicated to set up. The easier route would be to look into third-party solutions like Duo, which supports this functionality more seamlessly.
I don't think switching to an Entra join will change anything. Fido2 keys typically only come into play when the credential provider is involved, which usually happens in GUI-based authentication, not the command line.
I think you're right about the UAC dialog. The prompt that appears when running cmd as admin doesn't trigger the Fido2 key since it's not associated with the credential provider process.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures