<aside> ℹ️

For installation instructions, check out Getting Started with Desktop Passwordless (All OSes)

</aside>

Add an Allthenticate passkey to your Microsoft account

<aside> 🛑

Your Entra environment must first be configured to allow passkeys. Microsoft Environment Setup

</aside>

⚠️ Before you continue: Your Entra environment must first be configured to allow passkeys Admin-Only Setup section (at the bottom of this guide) before this step will work. If you're unsure, ask your admin to confirm that FIDO2 passkeys and the Allthenticate AAGUIDs have been enabled in Entra.

1. Go to myaccount.microsoft.com and sign in with your work account.

2. Navigate to Security Info.

3. Click Add sign-in method and select Security Key.

4. Follow the on-screen prompts:

   • When asked "Choose the type of security key you have" → select USB Device (this is expected — Allthenticate uses the FIDO2 security key protocol over Bluetooth).
   • Click Next.
   • Under "Choose where to save this passkey" → select Security Key, then click Next.
   • Click OK, then click OK again on the "Continue setup" screen.
   • A prompt will appear on your phone — complete the biometric verification and name your passkey.

   

5. The passkey should now appear under your Security Info as a Security key.

6. Restart your PC and use the FIDO passkey option on the login screen to sign in.

Enable Security Key Sign-in (Group Policy)

This step enables the "Security Key" option on the Windows login screen. It needs to be done on each device (or pushed via Intune — see Troubleshooting).

1. Press the Windows key and type gpedit.

2. Right-click and select Run as administrator.

3. Click Yes when prompted.

   

4. Navigate to: Computer Configuration → Administrative Templates → System → Logon.

5. Double-click Turn on security key sign-in, select Enabled, then click OK.

6. Close the Group Policy Editor and reboot to apply changes.

:bluetooth: Bluetooth Resources

• How to check if your Bluetooth adapter supports BLE Peripheral Mode