Enabling Microsoft MFA with a security key (FIDO2)


Enabling Microsoft MFA with a security key (FIDO2) - mandatory Multi-Factor Authentication (MFA) means authenticating a user logging into a service with more than just a username and password. In practice, this means that after entering your username and password, you will also need to authenticate with a smartphone app (Authenticator) or in this case a USB security key.

NOTE! This implementation requires a FIDO2-compatible security key. You must obtain a FIDO2-compatible USB security key for yourself to be able to implement this.

The guide is made with a Yubico Yubikey security key, but other FIDO2-compatible security keys are also functional. Microsoft has a list of FIDO2 security key manufacturers whose keys are compatible Microsofts list of FIDO2 security key providers. Multitronic Oy sells Yubico security keys in Jyväskylä, and they should have both USB-A and USB-C keys in stock.

The implementation takes a few minutes.

  1. Visit the digital services service point to get a temporary password for enabling MFA. The digital services service point is located on the third floor of the Lähde (B) building, in room B315. The password is valid for eight (8) hours from generation.
  2. Log in to Microsoft365 portal on your computer using the temporary password you received.

    A screen shot of a login pageDescription automatically generated with low confidence

  3. After a successful login, go to your Microsoft account security information and add a new login method..

    A screenshot of a computer screenDescription automatically generated with low confidence

  4. Select "Security key" from the drop-down menu and click "Add".

    A screenshot of a loginDescription automatically generated with low confidence

  5. Select USB device as the security key.

    A screenshot of a computerDescription automatically generated with medium confidence

  6. Follow the operating system's instructions to enable the security key.

    A screenshot of a computerDescription automatically generated with medium confidence A screenshot of a computer security systemDescription automatically generated with low confidence

    A screenshot of a computer security systemDescription automatically generated with low confidence A screenshot of a computer security systemDescription automatically generated with low confidence

  7. Set a PIN code for the new security key and continue the implementation by touching the touch surface of the security key.

    A screenshot of a computer security systemDescription automatically generated with medium confidence A screenshot of a computer security systemDescription automatically generated with low confidence


  8. When prompted by the operating system, give the security key a name.

    A screenshot of a computerDescription automatically generated with medium confidence 

  9. After this, the implementation is complete.

    A picture containing text, font, screenshotDescription automatically generated

Read also: How often is multi-factor authentication verification required?