Starting with FIDO2 security keys With Azure Active Directory #Trustkey #pointblank #fido #Azure #Security #AAD

I received a great FIDO2 test kit from the vendor PointBlank Security / TrustKey Solutions.

As FIDO2 is the new hot item in the security world, let's see if it is that easy to implement and to use. I'm not going into the in-depth specs of the keys; this is more of a user's view. The question is whether the key is easy to set up and usable by anyone.

The key is usable for any Azure AD login where the Microsoft authentication challenge is presented, so you can use it for, say, Windows Virtual Desktop (WVD).

I have a USB key and a USB-C type key.


I use my computer with the normal USB port for this, so the TrustKey G310 model.


Setting up the key and using it is simple: I configured Azure Active Directory, changed a few easy settings, added the key to my profile, and it was ready.

First we enable FIDO2 security keys in Azure AD; this is configured from the Azure portal.

Azure Active Directory > Security


Next we go to Authentication methods.


Here we can change the authentication type for all users or for a selected group of users.


When this is done you can set the FIDO option in your profile. If this is your own account, you can go directly to your user account from the top of the Azure portal, or go to


Go to Security info


Here you can add a method.


Add the security key; if you want to use the phone instead, the method is similar.


Now that we have chosen the FIDO2 Security Key we can configure this with a PIN.


Choose a proper PIN and use the key. Now everything is set and ready to use.
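The portal steps above can also be scripted and checked through Microsoft Graph. The following is an added example, not part of the original post: it uses the Microsoft Graph PowerShell SDK to enable the FIDO2 method, report the policy settings worth reviewing, and confirm that the key shows up on the account. The test user name is a placeholder.

```powershell
# Added example (not from the original post).
# Assumes the Microsoft.Graph.Authentication module is installed and the signed-in
# admin can consent to the two scopes below.
$UserUpn = 'testuser@contoso.example'   # placeholder, replace with your test account

Connect-MgGraph -Scopes 'Policy.ReadWrite.AuthenticationMethod',
                        'UserAuthenticationMethod.Read.All'

$policyUri = 'https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/' +
             'authenticationMethodConfigurations/fido2'

# 1. Read the current FIDO2 policy before changing anything.
$before = Invoke-MgGraphRequest -Method GET -Uri $policyUri
"FIDO2 state before change: $($before.state)"

# 2. Enable the method (the portal toggle under Security > Authentication methods).
if ($before.state -ne 'enabled') {
    $body = @{
        '@odata.type' = '#microsoft.graph.fido2AuthenticationMethodConfiguration'
        state         = 'enabled'
    } | ConvertTo-Json
    Invoke-MgGraphRequest -Method PATCH -Uri $policyUri -Body $body `
                          -ContentType 'application/json'
}

# 3. Read the policy back and report the settings that affect security.
$after = Invoke-MgGraphRequest -Method GET -Uri $policyUri
"State:                     $($after.state)"
"Self-service registration: $($after.isSelfServiceRegistrationAllowed)"
"Attestation enforced:      $($after.isAttestationEnforced)"
"Key restrictions enforced: $($after.keyRestrictions.isEnforced)"
foreach ($t in $after.includeTargets) {
    # id 'all_users' means the whole tenant; any other id is a group object id.
    "Applies to: $($t.targetType) $($t.id)"
}

# 4. After the user has added the key under Security info, list what is registered.
$keysUri = "https://graph.microsoft.com/v1.0/users/$UserUpn/authentication/fido2Methods"
$keys = Invoke-MgGraphRequest -Method GET -Uri $keysUri
foreach ($k in $keys.value) {
    "{0}  model={1}  aaGuid={2}  created={3}" -f `
        $k.displayName, $k.model, $k.aaGuid, $k.createdDateTime
}
```

The `aaGuid` printed in step 4 identifies the key model, which is the value the policy's key restrictions match against if you later limit registration to specific models.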

Whenever you are challenged to log in with the Microsoft Azure AD account, you can choose to use the USB key. You can also make this dedicated

So for a sample we go to  Browse using an InPrivate session or a different browser to make sure you test this right.



Select Sign in with a security key.


After you enter the PIN and touch the USB key, you are logged in. When it was successful you will see the page; otherwise it will prompt you again.


All this is perfectly usable to log in to your WVD portal.


Author: Robert Smit [MVP]


4 thoughts on “Starting with FIDO2 security keys With Azure Active Directory #Trustkey #pointblank #fido #Azure #Security #AAD”

  1. Hello,
    how does the fingerprint recognition capability of the G310 work in conjunction with Azure AD logons?
    Thank you

  2. Hi, the G310 has no fingerprint reader; it needs to be touched. So basically it could be done by anyone. It is just like your car key: if you have the key you can drive. But I must say it works perfectly, with a quick response. Where the Azure authentication app is sometimes delayed, this works fast all the time. The only thing is you need the USB key, and don't leave it in the machine if you leave.

  3. Hi! According to, the G310 has a fingerprint reader. I assume the fingerprint recognition unlocks the FIDO2 key (instead of using a PIN to unlock the key like e.g. with the Yubikeys).
    Quote: “…powerful microprocessor with extensive security features and a fingerprint sensor with a world-leading fingerprint recognition algorithm…”
    Also here they talk about fingerprint recognition:
    Introducing TrustKey G310 G320 (youtube):
