Azure AD support for FIDO2-based passwordless sign-in
Updated: October 21, 2019
All Azure AD users can sign in password-free using a FIDO2 security key, joining the Microsoft Authenticator app and Windows Hello as previously available solutions. These strong authentication factors are based off the same world class, public key/private key encryption standards and protocols, which are protected by a biometric factor (fingerprint or facial recognition) or a PIN. Users apply the biometric factor or PIN to unlock the private key stored securely on the device. The key is then used to prove who the user and the device are to the service.