Enabled Fido2 for all users, but this MFA option does not show under authentication types ...

Mike Schumann 0 Reputation points
2024-06-21T23:10:38.3766667+00:00

All our users have Business Standard Plan, MFA enabled - methods only show email, Phone Number + Temporary Access - Fido2 is what we want to use and it is enabled for all Users in Entra panel - just does not show as an available authentication method for each user?

What am I missing here?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

2 answers

  1. Raja Pothuraju 1,275 Reputation points Microsoft Vendor
    2024-06-24T20:03:18.5666667+00:00

    Hello @Mike Schumann,

    Thank you for posting your query on Microsoft Q&A.

    Based on your statement, I understand that you want to use FIDO security keys for all your users as an authentication method. However, when you checked under Users > Authentication methods in the Azure Portal, it only shows Email, Phone Number, and Temporary Access, not FIDO2.

    This is expected behavior in the Azure Portal, as it only shows Email, Phone Number, and Temporary Access as available methods. To register or set up a FIDO2 security key, users should register the security key from the Security Info page: https://mysignins.microsoft.com/security-info.

    Once they log in to the Security Info page, they can click on "Add sign-in method" and then see the option to set up a Security Key. Please refer to the screenshot below from my demo tenant.

    Make sure to enable FIDO2 security key settings under Authentication Methods in your Azure Portal for those users. Refer to the screenshot below from my demo tenant.


    Please refer to the following Microsoft documents for more information on configuration settings:

    I hope this information is helpful. Please feel free to reach out if you have any further questions. I am happy to assist you with this. If required, we can connect offline for more insights. Looking forward to your response.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    Thanks,
    Raja Pothuraju.

    1 person found this answer helpful.

  2. John Rogan 0 Reputation points
    2024-06-22T02:30:44.16+00:00

    Hi Mike,

    Check your authentication methods policies and conditional access policies.

    Go to Authentication Methods:

    In the Entra/Azure Active Directory panel, go to Security > Authentication methods.

    Policy Configuration:

    Check the policy settings for authentication methods.

    Ensure that the policy applies to the appropriate users or groups. (You stated that it applies to all your users.)

    Conditional Access Policies:

    Conditional Access policies can also affect the availability of authentication methods.

    Check Policies:

    Go to Security > Conditional Access.

    Review the policies to ensure no restrictions affect your preferred authentication methods.

    This is a quick-start troubleshooter. It is usually relatively straightforward, primarily when it affects everyone and your environment isn't very complex.

    Microsoft provides detailed documentation via many online resources, which may also help. Here are some references.

    Entra Identity

    Entra Conditional Access

    Entra Conditional Access Overview
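
Both answers above come down to checking the FIDO2 entry of the Authentication methods policy and who it targets. The following Python is an added example, not part of either answer and not Microsoft's code: it takes JSON in the shape Microsoft Graph returns for the FIDO2 authentication method configuration and lists the policy-side reasons a given user would not be offered security key registration. The sample policy, the group ids and the function name `fido2_blockers` are constructed for illustration, and Conditional Access is not evaluated.

```python
import json

# Constructed sample shaped like the Microsoft Graph response for
# GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
# (the group ids below are made-up placeholders).
SAMPLE_POLICY = json.loads("""
{
  "id": "Fido2",
  "state": "enabled",
  "isSelfServiceRegistrationAllowed": true,
  "includeTargets": [{"targetType": "group", "id": "all_users"}],
  "excludeTargets": [{"targetType": "group", "id": "00000000-0000-0000-0000-00000000beef"}]
}
""")


def fido2_blockers(policy, user_group_ids):
    """Return reasons the policy would not offer FIDO2 registration to a user.

    user_group_ids: ids of the groups the user belongs to (hypothetical input,
    resolved elsewhere). An empty result means the policy is not the obstacle.
    """
    groups = set(user_group_ids)
    reasons = []
    if policy.get("state") != "enabled":
        reasons.append("method state is not 'enabled'")
    # If self-service set up is off, users cannot add a key from Security Info.
    if not policy.get("isSelfServiceRegistrationAllowed", False):
        reasons.append("self-service registration is not allowed")
    included = {t["id"] for t in policy.get("includeTargets", [])}
    excluded = {t["id"] for t in policy.get("excludeTargets", [])}
    # 'all_users' is the built-in target id that covers every user.
    if "all_users" not in included and not (included & groups):
        reasons.append("user is in no included group")
    # An exclusion takes precedence over any inclusion.
    if excluded & groups:
        reasons.append("user is in an excluded group")
    return reasons


if __name__ == "__main__":
    member = ["11111111-1111-1111-1111-111111111111"]    # constructed id
    excluded = ["00000000-0000-0000-0000-00000000beef"]  # constructed id
    print(fido2_blockers(SAMPLE_POLICY, member))
    print(fido2_blockers(SAMPLE_POLICY, excluded))
    disabled = dict(SAMPLE_POLICY, state="disabled", includeTargets=[])
    print(fido2_blockers(disabled, member))
```

An empty list for a user who still cannot add a key points away from the method policy and toward the Conditional Access review described in the second answer.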