Windows Security Key Login with Multiple Accounts on Key

Thomas Pike 10 Reputation points
2023-06-24T00:24:10.2266667+00:00

We are currently implementing security key logins for Windows 11 using YubiKey FIDO keys on our AutoPilot deployed AzureAD only joined devices. So far the implementation is working well for the majority of our users.

Our administrators have separate high privilege administrator accounts so they have two AzureAD accounts associated with their YubiKey. When logging into websites and virtual machines they are able to select which account to use and therefore use the right account to access services.

The issue we are facing is with Windows logins. When using a YubiKey to log in, they are logged into the last account the user logged into the machine with, which is typically the 'wrong' account - normally their administrative account, rather than their low-privilege account. This occurs even when the low-privilege account is selected from the account picker on the Windows login screen.

How can Windows logins be configured to allow a single YubiKey to support multiple Windows accounts?


3 answers

  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


  2. Maurice 21 Reputation points
    2023-09-19T16:09:21.39+00:00

    Same problem here. Does anyone have a suggestion? Thank you! Edit: Just found this doc, it is not supported. https://video2.skills-academy.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key-windows#unsupported-scenarios


  3. Carsten S 0 Reputation points
    2023-11-10T12:33:53.5866667+00:00

    It seems that Windows logon uses the account which has been most recently added to the YubiKey. So: reset your YubiKey, re-register your administrative account(s) first, then finally register your normal account.

    If you don't want to completely reset and re-register all your admin accounts, it might also work to only remove your normal account credentials with ykman.exe (https://tinyurl.com/mvw2bdmc) and re-register it so that it becomes the most recently added. But I have not tried this yet.

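The selective re-registration described in the answer above, written out as an added PowerShell walkthrough that is not part of the thread. It assumes ykman.exe is on PATH, that the key has a FIDO2 PIN set (ykman prompts for it), that the normal account's credential ID is read from the list output (the value below is a placeholder), and that the re-registration is done through the Microsoft Entra security-info page.

```powershell
# Added example, not from the thread. Assumes ykman.exe is on PATH and the
# YubiKey has a FIDO2 PIN set; ykman prompts for the PIN when needed.

# 1. Inspect which discoverable (resident) credentials the key currently holds.
#    Note the row belonging to the normal (low-privilege) account's Entra registration
#    and leave the administrative account rows untouched.
ykman fido credentials list

# 2. Remove only the normal account's credential. The admin registrations stay on
#    the key, so no full reset is required. Placeholder: paste the ID from step 1.
$normalAccountCredentialId = '<CREDENTIAL-ID-FROM-LIST-OUTPUT>'
ykman fido credentials delete $normalAccountCredentialId

# 3. Re-register the security key for the normal account (sign in as that account),
#    so that its credential becomes the most recently added one on the key.
#    Assumed URL: the Entra "Security info" page where users add a security key.
Start-Process 'https://mysignins.microsoft.com/security-info'

# 4. Verify before testing the Windows sign-in: the normal account's credential
#    should now appear alongside the admin credentials.
ykman fido credentials list
```

Run step 1 again after step 4 on a second machine if the problem persists, since the behaviour reported in the thread depends on the order of credentials on the key, not on any per-device setting.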