Microsoft will not accept my Yubico passkey

Can someone help with the passkey issue I described above. I followed the AI generated steps and the passkey was registered under my account security, but when I try to sign into my email using the passkey, Microsoft sends a message that it looks unfamiliar and tells me to use another one. I thought using the alternative sign-in method was supposed to be more efficient. This is complicated and time-consuming. Why won't Microsoft recognize the Yubico passkey?

The Yubico security key itself is supported, but the behavior described matches cases where the passkey either is not correctly registered with the Microsoft account, is no longer valid, or is blocked by organizational policy.

Use these checks and steps:

1. Confirm the passkey is actually registered to the Microsoft account
   • Sign in to the account using an existing method that still works (password, existing MFA, or another device).
   • Go to the security info page for the account (for a personal Microsoft account or work/school Entra ID, use the appropriate “Security info” / “My Security info” page referenced in the docs).
   • Verify whether a FIDO2/passkey entry for this Yubico key is listed.
   • If the key is not listed, it has never been successfully registered and must be added first.
2. Remove any invalid or “orphaned” passkeys
   • If there is a passkey entry that corresponds to this key but sign-in fails with messages like “key does not look familiar,” treat it as invalid.
   • Delete that passkey entry from the account’s Security info.
   • If the key was previously set up in an app (such as Microsoft Authenticator) or on a device and is no longer recognized, delete that local credential as well. This avoids an “orphaned passkey” situation where the credential exists on the device but not in Microsoft Entra ID.
3. Re‑register the Yubico key as a new passkey
   • While signed in with a working method, go back to Security info / My Security info.
   • Choose to add a new sign‑in method and select the FIDO2/passkey/security key option.
   • When prompted, insert/tap the Yubico key and enter the PIN that was set on the key.
   • Complete the prompts and give the key a recognizable name.
   • After successful registration, sign out and try signing in again using “Other ways to sign in” → “Face, fingerprint, PIN, or security key” and then use the Yubico key.
4. Check for organization policy blocks
   • Some organizations restrict which passkey providers or cross‑device methods are allowed. If the device shows prompts like “try a different key” or never offers the QR / cross‑device option, the tenant policy may be blocking this scenario.
   • In that case, the IT manager or Microsoft 365/Entra admin must review and configure passkey settings as described in the admin guidance linked from the troubleshooting article.
5. If the key was used via an app (Authenticator) and now fails
   • If the passkey was stored in Microsoft Authenticator and sign‑in shows messages like “We couldn’t use your device to verify your identity” or “This passkey can no longer be used,” the passkey is no longer valid.
   • Delete the invalid passkey from Authenticator and from the account’s Security info, then set up a new passkey.

If, after confirming registration and cleaning up invalid entries, the Yubico key still is not accepted, the next step is for the organization’s IT admin to verify that FIDO2/passkey sign‑in is enabled and that this type of key/provider is allowed in the tenant configuration.

References:

• Sign in with a passkey (FIDO2) for your work or school account
• Troubleshoot signing in with a passkey
• Set up a passkey in Microsoft Authenticator
• Frequently asked questions about passkey support in Microsoft Authenticator