Enforcing Passwordless Logins with AADJ Windows 10 and Endpoint Manager Intune (Part 2)

In the last blog post, we enabled FIDO2 security key logins with Windows 10 on our AADJ Windows machines, but users are still able to login with username/password. What if we want to enforce a FIDO2 Security Key or Windows Hello for Business login?

FIDO2 Security Key for Windows 10 (Part 1)

As companies like Yubico announce the next generation of YubiKeys with biometrics, let’s take a look at what is actually possible today with Azure AD Joined Windows 10 devices. Microsoft pushes us closer and closer to passwordless login options, but without a domain and GPOs available, some of our clients are left wanting. In this series of blog posts, I am going to walk through the setup of a FIDO2 device in Azure AD and Windows 10, and later apply Intune policies to alter login options.