Go Passwordless with YubiKey and Microsoft Azure Active Directory

March 2, 2021 3 minute read
person logging into laptop using YubiKey and Microsoft Azure AD

Today, Yubico celebrates an important milestone in the evolution of modern authentication. We are excited to report that YubiKey passwordless authentication is now generally available to Microsoft’s Azure Active Directory (Azure AD) users, a critical step toward achieving better security without compromising usability. Nearly three years ago, Yubico started on this journey with Microsoft and brought the first FIDO2-enabled security key to the market. Today’s announcement highlights our commitment to continue delivering trust at scale.

What does passwordless general availability mean?

With the general availability of passwordless login for Azure AD, admins can now enable a passwordless login flow for their users with a variety of authentication options including: Windows Hello, Microsoft Authenticator App, and FIDO2 security keys, like YubiKeys. Once enabled, enrolling, adding, and removing YubiKeys is a self-service process for employees. 

End-users can experience passwordless authentication with a YubiKey to log in to: 

  • Microsoft 365 web apps on the Chrome (version 66 and above) and Edge (version 1903 and above) desktop browsers
  • Enterprise applications federated with Azure Active Directory 
  • Windows 10 devices (version 1909 and above) joined to Azure Active Directory
  • Windows 10 devices (version 2004 and above) joined to a hybrid Active Directory 

“Now with broad support for FIDO2 standards, our customers can provide an authentication experience for their users that is effortless, cross platform, and highly secure,” said Alex Simons, Corporate Vice President of Program Management, Microsoft Identity Division. “We are happy to be part of a collaboration with Yubico in our joint effort to move beyond passwords and provide more secure environments for today’s workforce.”

Which YubiKeys support passwordless authentication with Azure Active Directory?

Many YubiKeys support Microsoft’s passwordless authentication, including the flagship YubiKey 5 Series, and the Security Key NFC by Yubico.

The YubiKey 5 Series is Yubico’s line of multi-protocol keys designed for enterprises and prosumers. These keys support FIDO2, along with five other authentication protocols, on one device: FIDO U2F, PIV (smart card), OTP (one-time password), OpenPGP, and static password. This enables YubiKey 5 Series keys to serve as a “bridge to passwordless” as they provide strong authentication across existing environments and modern environments like Azure AD. The YubiKey 5 Series comes in a variety of form factors and can connect via USB-A, USB-C, Lightning, and near-field communication (NFC).

The Security Key NFC by Yubico is a FIDO-only authentication device and supports both USB-A and NFC connections. The upcoming YubiKey Bio is also a FIDO-only authentication key that will support passwordless authentication in Microsoft environments using USB-A or USB-C connections. The YubiKey Bio is currently in private preview and you can register here to get updates.

How do you get started with YubiKeys and Microsoft Azure Active Directory? 

To get started with passwordless authentication in your Microsoft environment, visit our e-commerce site to purchase a passwordless starter kit, or contact the Yubico sales team to get a consultation and learn about what solutions are best suited for your needs. 

You can also learn more about other YubiKey and Microsoft passwordless deployments by reading our latest case study with the Government of Nunavut. In 2019, the Government of Nunavut turned to phishing-resistant YubiKeys and Azure AD to rebuild their infrastructure after a ransomware attack. 

For additional resources about Microsoft’s passwordless authentication please visit their blog or register for the upcoming webinar on March 25, “What you can do today with passwordless AD and YubiKeys.”

Share this article:

Recommended content


YubiKey SaaS offering from Yubico now available through the Microsoft Azure Marketplace

Today, Yubico is announcing the availability of its multi-factor authentication YubiKeys in the Microsoft Azure Marketplace. Microsoft Azure customers in the U.S. will now have access to YubiKeys to take advantage of the scalability, reliability, and agility of Azure to drive application development and shape business strategies.  “We’re pleased to welcome Yubico to the Microsoft ...


Future-Proofing Authentication and Compliance for Healthcare Organizations

Healthcare continues to remain one of the most highly targeted industries by cyber criminals. In fact, with the COVID-19 pandemic, the industry has seen a doubling of the number of cyber attacks – attacks which are both costly ($9.23 million, on average) and disruptive. What’s even more troubling is that these attacks are likely to ...


Put Your Finger on the Pulse of What’s New with the YubiKey Bio Series

Today, we are announcing the YubiKey Bio Series, Yubico’s first-ever YubiKeys supporting biometric authentication. The YubiKey Bio was first previewed at Microsoft Ignite in 2019 where we showed a live demo of passwordless sign-in to Microsoft Azure Active Directory accounts. We’ve taken the time to ensure that we are launching products that are highly secure ...


Yubico Sale and License Agreement - Azure Marketplace

This Yubico Sale and License Agreement for Azure Marketplace (this “Agreement”) contains terms and conditionsthat govern subscriptions to Yubico’s subscription products obtained through the Azure Marketplace, operated byMicrosoft. This Agreement is entered into between Yubico Inc., a Delaware corporation located at 530 LyttonAvenue, Suite 301, Palo Alto, CA 94301, U.S.A. (“Yubico”), and the entity or ...