Registering multiple passkeys in Microsoft EntraID using PowerShell and CSV

This guide offers detailed instructions for registering multiple FIDO2 passkeys using PowerShell in EntraID. Follow these steps to streamline the registration process and enhance security with automated, script-based passkey management.

Registering multiple passkeys in EntraID using PowerShell and CSV

1. Prepare a CSV file with a UPN and SerialID column.

   The serialID will be the device's display name (DisplayName) in the user's M365 profile. It does not need to be unique for each user.

2. Open a PowerShell prompt as an administrative user.

   • Change to the directory where the Register Passkey.ps1 script file is located

   • Run the following command:

     & '.\Register Passkey.ps1'-tenant wfncd.onmicrosoft.com -CsvFilePath "user_csv_file_including_path"

   • You will be prompted to log on to your M365 EntraID tenant.

   • Once you are logged on, the registration process will begin.

3. Plug the DIGIPASS FX7 authenticator into the USB-C port.

   • Select Security Key.

   • Register a PIN for the DIGIPASS FX7 authenticator.

     

   • Touch the DIGIPASS FX7 authenticator to confirm the registration.

     Once the registration is complete, you will be prompted to verify the device by entering the PIN and touching the DIGIPASS FX7 authenticator again.

   • Remove the DIGIPASS FX7 authenticator and prepare the next one.

     The registration continues with the next user in the CSV file until there are no more users to process

Once all users in the CSV have been registered, you will see a list of all of the users along with their display names.