Hi Vincent
To get a true passwordless login with YubiKeys, you’ll need to enable FIDO2 security keys in your Entra ID tenant first. In the Entra portal, go to Security > Authentication methods and turn on FIDO2 security keys for the users or groups you want. Make sure you configure the “Allow self‑service setup” option so users can register their YubiKeys themselves. On the Windows side, you’ll need to enable Windows Hello for Business in Intune or Group Policy, and set it to allow FIDO2 keys at the login screen. Once that’s in place, users can insert their YubiKey, type their PIN, and tap the sensor to sign in no password required.
Best practice is to pilot this with a small group first, confirm the login flow works smoothly, and then expand to the rest of your organization. Also, make sure your devices are Azure AD joined or hybrid joined, since FIDO2 login requires that trust relationship.
If this explanation helps you move forward with setting up passwordless login, please hit accept answer