Registering a passkey in Microsoft EntraID using PowerShell

This article provides instructions on registering a FIDO2 passkey using PowerShell in EntraID. Follow these steps to simplify the registration process and boost security with automated, script-based passkey management.

Registering a passkey in EntraID using PowerShell

1. Open a PowerShell prompt as a local administrative user.

   1. Change the directory to the location of the Register Passkey.ps1 script file.

   2. Run the following command:

      & '.\Register Passkey.ps1'-tenant wfncd.onmicrosoft.com -serial 12341234

      The serialID will be the device's display name (DisplayName) in the user's M365 profile. It does not need to be unique for each user.

   3. Enter the UPN of the user.

      You will be prompted to log on to your M365 EntraID tenant.

2. Once you are logged on, the registration process will begin.

3. Plug the DIGIPASS FX7 authenticator into the USB-C port.

   1. Select Security Key.

   2. Register a PIN for the DIGIPASS FX7 authenticator.

      

   3. Touch the DIGIPASS FX7 authenticator to confirm the registration.

      Once the registration is complete, you will be prompted to verify the device by entering the PIN and touching the DIGIPASS FX7 authenticator again.

   Once the process is complete, you will see a summary of the device registration.

The DIGIPASS FX7 authenticator is now registered and ready for use on that account.