In the last blog post, we enabled FIDO2 security key logins with Windows 10 on our Azure AD Joined (AADJ) Windows machines, but users are still able to log in with a username and password. What if we want to enforce a FIDO2 security key or Windows Hello for Business login?
As companies like Yubico announce the next generation of YubiKeys with biometrics, let’s take a look at what is actually possible today with Azure AD Joined Windows 10 devices. Microsoft pushes us closer and closer to passwordless login options, but without a domain and GPOs available, some of our clients are left wanting. In this series of blog posts, I am going to walk through the setup of a FIDO2 device in Azure AD and Windows 10, and later apply Intune policies to alter login options.