Authentication Method - FIDO2 security key - Enforce key restrictions
Manages if registration of FIDO2 keys should be restricted.
| Name | keyRestrictions.isEnforced |
| Control | Authentication Method - FIDO2 security key |
| Description | Define configuration settings and users or groups that are enabled to use FIDO2 security keys |
| Severity | Low |
How to fix
Microsoft Learn - Enable passkeys (FIDO2) for your organization: Enforce key restrictions
Details of configuration item
| Recommendation | Restrict usage of FIDO2 from unauthorized vendors or platforms |
| Configuration | policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2') |
| Setting | keyRestrictions.isEnforced |
| Recommended Value | 'true' |
| Default Value | false |
| Graph API Docs | fido2AuthenticationMethodConfiguration resource type - Microsoft Graph v1.0 - Microsoft Learn |
| Graph Explorer | Open in Graph Explorer |