![Download intellitype pro](https://cdn3.cdnme.se/5447227/9-3/1_64e61dfaddf2b33c615a3cd3.png)
If this is a new key, the user is prompted to set up a new PIN for this device. “To set up a security key, you need to sign in with two-factor authentication.” Now, if a user has not setup any authentication method before, they are prompted with the following error when they try to register a new key at. You can also change the default settings for the Temporary Access Pass. You can configure additional settings to restrict specific keys for example. Next, go to Azure Active Directory -> Security -> Authentication methods, and make sure that both FIDO2 Security Key and Temporary Access Pass is enabled for all, or a selected group of users. The new combined registration experience is enabled by default on newer tenants, but if you have an older tenant, go to Azure Active Directory-> User Settings -> Manage user feature settings, and make sure that users can use the combined security information registration experience. Authentication policy for Temporary Access Pass.
![fido 2 key fido 2 key](https://cdn.shopify.com/s/files/1/1820/2435/products/fido2stock3_1024x1024.jpg)
Combined registration portal for MFA and SSPR enrollement.To support FIDO2 keys as authentication method, we need three things in place: In this blogpost, we take a look at how to set that up in your environment. Users can use TAP to bootstrap passwordless methods such as Windows Hello, FIDO2 keys, and Microsoft Authenticator App. Using this method, TAP will statisfy the MFA requirement. To work around that, we can use Azure Active Directory’s Temporary Access Pass (TAP) to onboard the user. That is sort of a chicken and egg situation. So if the user has not added an authentication method, they need to do that first, in order to add the FIDO2 security key to the account.
![fido 2 key fido 2 key](https://i.ebayimg.com/images/g/f9UAAOSwEJdfl1bP/s-l400.jpg)
One of the requirements to use FIDO2 security keys with your Microsoft 365 or Azure Active Directory account is multi-factor authentication.
![Download intellitype pro](https://cdn3.cdnme.se/5447227/9-3/1_64e61dfaddf2b33c615a3cd3.png)