Security Key Sign-In problem

Question

I'm trying to configure the security key sign-in option on a group of Hybrid Azure AD joined Windows 10 devices. I've configured a targeted Intune deployment by following the steps on this page: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key-windows

My Windows 10 version 1903 devices show up in Azure AD as Hybrid Azure AD joined.
I've enabled the FIDO2 Security Key Authentication Method Policy (Preview).
I've registered my security key as an Azure MFA method in myprofile.microsoft.com.
I've created a Device Configuration Profile in Intune that sets the ./Device/Vendor/MSFT/PassportForWork/SecurityKey/UseSecurityKeyForSignin setting to 1.
I've assigned this Device Configuration profile to my Hybrid Azure AD devices.

At this point, I am able to login to my Azure AD user account with the security key via a browser.

I should be able to login to my Hybrid Azure AD devices using my security key. But, on the Windows 10 logon screen, the 'Sign-In Options" is not even available. 

Any help is appreciated.

Thanks

Answer 1

Make sure you are using Edge and that you have the right FIDO key.

This issue is usually do to either an unsupported browser or unsupported keys. https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key

This discussion seems to be a similar issue. 

If this does not solve the problem, please provide a screenshot of what you are seeing and let me know if you would like me to open a support case for you.

---

Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

Answer 2

I can successfully login with my security key using the Edge browser.

My problem is that I can't login to my Windows 10 hybrid Azure AD device with my security key.
The "Sign-In Options", as shown in the below picture, is not even available for me on the Windows 10 logon screen.