Changes to FIDO2 security key registration and sign-in experiences
During FIDO2 security key registration, Microsoft Entra ID users may see an operating system or browser-generated prompt for creating a passkey on another device, such as a phone or tablet. In some cases, a QR code is shown to facilitate this option. When this happens, the user needs to select “Use a different device” to continue with their registration process.
This behavior stems from the evolution of the ecosystem, which has led to operating system and browser UI changes. For users on Windows 11 23H2, an updated system UI has been enabled to improve user discovery and selection of security keys and other passkey types.
Microsoft is also aware that a similar prompt may be presented during sign-in.
Currently, Microsoft is investigating a mitigation to optimize the sign-in flow.
What you need to do to prepare:
If your organization uses FIDO2 security keys, Microsoft recommends that you reach out to affected users to make them aware of this prompt, and that you update any internal documentation to guide users through it. Please note that the prompt varies across operating systems and browsers.