As more and more of our customers move to cloud services and applications, we need to provide authentication options that are secure and easy to use. Today, we’re announcing the public preview of FIDO2 security keys support for passwordless sign-in to Azure Active Directory (Azure AD). Using a FIDO2 security key, the Microsoft Authenticator app, or Windows Hello, all Azure AD users can now sign in without using a password.

These strong authentication factors are based off the same world class, public key/private key encryption standards and protocols, which are protected by a biometric factor (fingerprint or facial recognition) or a PIN. Users apply the biometric factor or PIN to unlock the private key stored securely on the device. The key is then used to prove who the user and the device are to the service.

In addition, to help you get started on your own passwordless journey, we’re rolling out new public preview capabilities, including:

A new Authentication methods blade in your Azure AD admin portal that allows you to assign passwordless credentials using FIDO2 security keys and passwordless sign-in with Microsoft Authenticator to users and groups.

Updated capabilities in the converged Registration portal for your users to create and manage FIDO2 security keys.

Ability to use FIDO2 security keys to authenticate across Azure AD-joined Windows 10 devices on the latest versions of Edge and Firefox browsers.

Many teams across Microsoft have been involved in this effort to deliver on our vision of making FIDO2 technologies a reality to provide you with seamless, secure, and passwordless access to your Azure AD-connected apps and services. For details, read Announcing the public preview of Azure AD support for FIDO2-based passwordless sign-in.