<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	
	>
<channel>
	<title>
	Comments on: Configure FIDO security keys as the default sign-in option for Windows	</title>
	<atom:link href="https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/feed/" rel="self" type="application/rss+xml" />
	<link>https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/</link>
	<description>Intune, Windows, Office 365, Microsoft 365, Azure, Automation</description>
	<lastBuildDate>Wed, 25 Sep 2024 14:56:24 +0000</lastBuildDate>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	
	<item>
		<title>
		By: Eugene		</title>
		<link>https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-238625</link>

		<dc:creator><![CDATA[Eugene]]></dc:creator>
		<pubDate>Wed, 25 Sep 2024 14:56:24 +0000</pubDate>
		<guid isPermaLink="false">https://inthecloud247.com/?p=10927#comment-238625</guid>

					<description><![CDATA[guided me well but found that windows 11 turned round and said shows smart card requires drivers that are not present on this system W11 - I got in touch with the key provider and they led me down the line of reg key

REG ADD &quot;HKLM\SOFTWARE\policies\Microsoft\FIDO&quot; /v EnableFIDODeviceLogon /t REG_DWORD /d 1 /f

for some reason despite me putting the FIDO as credential providor it didn&#039;t like the fido 2.1 nfc card in the reader, once I used that reg key it worked fine but still showed smartcard as an option instead.  I&#039;m sure it&#039;s so simple if look deeper into it but up and running at the moment.  So just providing reg key for those having similar issue.]]></description>
			<content:encoded><![CDATA[<p>guided me well but found that windows 11 turned round and said shows smart card requires drivers that are not present on this system W11 &#8211; I got in touch with the key provider and they led me down the line of reg key</p>
<p>REG ADD &#8220;HKLM\SOFTWARE\policies\Microsoft\FIDO&#8221; /v EnableFIDODeviceLogon /t REG_DWORD /d 1 /f</p>
<p>for some reason despite me putting the FIDO as credential providor it didn&#8217;t like the fido 2.1 nfc card in the reader, once I used that reg key it worked fine but still showed smartcard as an option instead.  I&#8217;m sure it&#8217;s so simple if look deeper into it but up and running at the moment.  So just providing reg key for those having similar issue.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Peter Klapwijk		</title>
		<link>https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-221559</link>

		<dc:creator><![CDATA[Peter Klapwijk]]></dc:creator>
		<pubDate>Tue, 04 Jun 2024 12:57:39 +0000</pubDate>
		<guid isPermaLink="false">https://inthecloud247.com/?p=10927#comment-221559</guid>

					<description><![CDATA[In reply to &lt;a href=&quot;https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-221510&quot;&gt;Richard&lt;/a&gt;.

Hi Richard,

What is described in this article is only related to the sign-in options you have on the logon screen. You can still authenticate inside Windows itself with a password.
That&#039;s different if you take the next step in going passwordless as you can read in this article https://inthecloud247.com/the-next-step-in-a-passwordless-windows-experience/]]></description>
			<content:encoded><![CDATA[<p>In reply to <a href="https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-221510">Richard</a>.</p>
<p>Hi Richard,</p>
<p>What is described in this article is only related to the sign-in options you have on the logon screen. You can still authenticate inside Windows itself with a password.<br />
That&#8217;s different if you take the next step in going passwordless as you can read in this article <a href="https://inthecloud247.com/the-next-step-in-a-passwordless-windows-experience/" rel="ugc">https://inthecloud247.com/the-next-step-in-a-passwordless-windows-experience/</a></p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Richard		</title>
		<link>https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-221510</link>

		<dc:creator><![CDATA[Richard]]></dc:creator>
		<pubDate>Mon, 03 Jun 2024 15:34:58 +0000</pubDate>
		<guid isPermaLink="false">https://inthecloud247.com/?p=10927#comment-221510</guid>

					<description><![CDATA[Hi Peter,
first of all thanks for this tutorial. Question from our side would be, if it is still possible to use Password Authentication for UAC prompts and Admin Login.
We would like to have our users forced to use the FIDO 2 Stick, in our case YubiKey 5, but the UAC prompt would still need a password and it must be possible to login as Admin using a password.

Looking forward for your thoughts :)]]></description>
			<content:encoded><![CDATA[<p>Hi Peter,<br />
first of all thanks for this tutorial. Question from our side would be, if it is still possible to use Password Authentication for UAC prompts and Admin Login.<br />
We would like to have our users forced to use the FIDO 2 Stick, in our case YubiKey 5, but the UAC prompt would still need a password and it must be possible to login as Admin using a password.</p>
<p>Looking forward for your thoughts 🙂</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Peter Klapwijk		</title>
		<link>https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-217288</link>

		<dc:creator><![CDATA[Peter Klapwijk]]></dc:creator>
		<pubDate>Fri, 05 Apr 2024 09:01:34 +0000</pubDate>
		<guid isPermaLink="false">https://inthecloud247.com/?p=10927#comment-217288</guid>

					<description><![CDATA[In reply to &lt;a href=&quot;https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-217248&quot;&gt;Mike B&lt;/a&gt;.

Hi Mike,

You are asked for a PIN because you are not using a BIO version key with a fingerprint. If you would have such a version, you&#039;re not asked for a PIN.]]></description>
			<content:encoded><![CDATA[<p>In reply to <a href="https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-217248">Mike B</a>.</p>
<p>Hi Mike,</p>
<p>You are asked for a PIN because you are not using a BIO version key with a fingerprint. If you would have such a version, you&#8217;re not asked for a PIN.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Mike B		</title>
		<link>https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-217248</link>

		<dc:creator><![CDATA[Mike B]]></dc:creator>
		<pubDate>Thu, 04 Apr 2024 16:25:44 +0000</pubDate>
		<guid isPermaLink="false">https://inthecloud247.com/?p=10927#comment-217248</guid>

					<description><![CDATA[Thanks for this article Peter! I’ve just tried to set this up using a FIDO2 key and am asked to set up and then use a PIN with the key. 

So at the Win login screen with the USB inserted it asks first for a PIN and then to touch the security key (might as well just use Win Hello PIN with this workflow). 
Have MS changed this requirement since you published this article? 

I want to be able to log in to windows by just touching the security key as in your article. I’m using a Thetis key which is U2F &#038; FIDO2 (but doesn’t have a fingerprint reader like your key).]]></description>
			<content:encoded><![CDATA[<p>Thanks for this article Peter! I’ve just tried to set this up using a FIDO2 key and am asked to set up and then use a PIN with the key. </p>
<p>So at the Win login screen with the USB inserted it asks first for a PIN and then to touch the security key (might as well just use Win Hello PIN with this workflow).<br />
Have MS changed this requirement since you published this article? </p>
<p>I want to be able to log in to windows by just touching the security key as in your article. I’m using a Thetis key which is U2F &amp; FIDO2 (but doesn’t have a fingerprint reader like your key).</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Koen Stronkhorst		</title>
		<link>https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-197589</link>

		<dc:creator><![CDATA[Koen Stronkhorst]]></dc:creator>
		<pubDate>Thu, 30 Mar 2023 11:27:30 +0000</pubDate>
		<guid isPermaLink="false">https://inthecloud247.com/?p=10927#comment-197589</guid>

					<description><![CDATA[Hi Peter, one last question. When WHfB is forced, it seems that after adding and deploying this policy, the setup PIN (set up by WHfB) is still usable for login. Do you know if it&#039;s required to turn off this WHfB, so that PIN code is no longer usable?

Or am I using the wrong GUID of the PIN credential provider? If yes, do you know which one I should use?

Thanks, again!]]></description>
			<content:encoded><![CDATA[<p>Hi Peter, one last question. When WHfB is forced, it seems that after adding and deploying this policy, the setup PIN (set up by WHfB) is still usable for login. Do you know if it&#8217;s required to turn off this WHfB, so that PIN code is no longer usable?</p>
<p>Or am I using the wrong GUID of the PIN credential provider? If yes, do you know which one I should use?</p>
<p>Thanks, again!</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Peter Klapwijk		</title>
		<link>https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-196259</link>

		<dc:creator><![CDATA[Peter Klapwijk]]></dc:creator>
		<pubDate>Mon, 06 Mar 2023 08:54:41 +0000</pubDate>
		<guid isPermaLink="false">https://inthecloud247.com/?p=10927#comment-196259</guid>

					<description><![CDATA[In reply to &lt;a href=&quot;https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-196176&quot;&gt;jeet&lt;/a&gt;.

To setup WHfB, you still first have to sign in to the device with a password, that&#039;s where the FIDO key comes in.
And on shared Windows devices sign in with a sec key is preferred above sign in with a password.]]></description>
			<content:encoded><![CDATA[<p>In reply to <a href="https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-196176">jeet</a>.</p>
<p>To setup WHfB, you still first have to sign in to the device with a password, that&#8217;s where the FIDO key comes in.<br />
And on shared Windows devices sign in with a sec key is preferred above sign in with a password.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: jeet		</title>
		<link>https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-196176</link>

		<dc:creator><![CDATA[jeet]]></dc:creator>
		<pubDate>Sat, 04 Mar 2023 11:40:10 +0000</pubDate>
		<guid isPermaLink="false">https://inthecloud247.com/?p=10927#comment-196176</guid>

					<description><![CDATA[windows hello for business and FIDO both are phishing resistant have similar security.
just thinking why any org will invest in FIDO if they have WHFB.]]></description>
			<content:encoded><![CDATA[<p>windows hello for business and FIDO both are phishing resistant have similar security.<br />
just thinking why any org will invest in FIDO if they have WHFB.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Peter Klapwijk		</title>
		<link>https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-196166</link>

		<dc:creator><![CDATA[Peter Klapwijk]]></dc:creator>
		<pubDate>Sat, 04 Mar 2023 08:27:08 +0000</pubDate>
		<guid isPermaLink="false">https://inthecloud247.com/?p=10927#comment-196166</guid>

					<description><![CDATA[In reply to &lt;a href=&quot;https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-196125&quot;&gt;Koen Stronkhorst&lt;/a&gt;.

Just a comma, no other spaces.]]></description>
			<content:encoded><![CDATA[<p>In reply to <a href="https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-196125">Koen Stronkhorst</a>.</p>
<p>Just a comma, no other spaces.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Koen Stronkhorst		</title>
		<link>https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-196125</link>

		<dc:creator><![CDATA[Koen Stronkhorst]]></dc:creator>
		<pubDate>Fri, 03 Mar 2023 07:28:52 +0000</pubDate>
		<guid isPermaLink="false">https://inthecloud247.com/?p=10927#comment-196125</guid>

					<description><![CDATA[In reply to &lt;a href=&quot;https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-196089&quot;&gt;Peter Klapwijk&lt;/a&gt;.

Just one more questions Peter, when adding multiple credential providers, and separating them with a comma, do I have to use space after the comma or only comma and then next provider tag?

Thanks!]]></description>
			<content:encoded><![CDATA[<p>In reply to <a href="https://inthecloud247.com/configure-fido-security-keys-as-the-default-sign-in-option-for-windows/#comment-196089">Peter Klapwijk</a>.</p>
<p>Just one more questions Peter, when adding multiple credential providers, and separating them with a comma, do I have to use space after the comma or only comma and then next provider tag?</p>
<p>Thanks!</p>
]]></content:encoded>
		
			</item>
	</channel>
</rss>
