Logon to your Windows 10 device with Azure AD and Security Key

Intro

In this blog I will show how you can use a Security Key from for example Yubico or eWBM to logon to your device with an Azure AD account.

How to configure it

Go to the following URL: https://myprofile.microsoft.com you will get something like the following screen.

In the MyProfile portal you can do the following things:

  • Password, here you can change your password.
  • Devices, view, and manage your devices connected to your account.
  • My sign-ins (preview), see when you or someone else did try to sign in with your account, it’s still in preview but very interesting to see that people use your e-mail address to try to hack your account.
  • Organizations, see all the organizations that you’re a part of, so all the azure tenants that you have a guest account in.
  • Privacy, will show you how the privacy settings are configured in your organization.
  • Subscriptions, will show you witch licenses you have assigned to your account.
  • Security info, manage like security key’s, MFA, Phone numbers, Authentication App. Alternate e-mail, App Passwords.

So we will go to the Security Info tile to configure there our Security Key from eWBM with a fingerprint.

Now you see that I already have many different sign-in methods have configured, like my mobile number, office number, App Password, Microsoft Authenticator App, a Security Key from yubico and an alternative e-mail address outside of the tenant.

We will click on the ‘Add method’ to add our eWBM security key with a fingerprint.

and select from the method list ‘Security key’

then you can choose between a USB or NFC device for example, the Yubico has NFC in his device but no fingerprint yet like the eBWM. So we did choose the USB device option.

Now you have to insert the USB Security key in de USB port when we click next.

You see here two screens the first one in black will normally stand over the white one, so we click ‘OK’

you have now to agree that Microsoft will save your credentials on the security key.

you are asked to touch the fingerprint on the security key.

When you have touched the fingerprint scanner on the security key the get the option to give the key a name that is easy for you to remember.

And now you are ready to use it for logging in on your device with the security key and your fingerprint.

When you click on ‘Done’ your will see that it is added to the overview of your authentication methods, see the understanding screen.

Conclusion

I have a Surface Pro 3 device that has no Windows Hello camera so I use the eWBM Security key with fingerprint daily and are very happy with it, so no Pincode to remember and to type on the keyboard.