Authentication Method - FIDO2 security key - Allow self-service set up
Allows users to register a FIDO key through the MySecurityInfo portal, even if enabled by Authentication Methods policy.
| Name | isSelfServiceRegistrationAllowed |
| Control | Authentication Method - FIDO2 security key |
| Description | Define configuration settings and users or groups that are enabled to use FIDO2 security keys |
| Severity | High |
How to fix
Microsoft Learn - Enable passkeys (FIDO2) for your organization: Allow self-service set up
Details of configuration item
| Recommendation | |
| Configuration | policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2') |
| Setting | isSelfServiceRegistrationAllowed |
| Recommended Value | 'true' |
| Default Value | true |
| Graph API Docs | fido2AuthenticationMethodConfiguration resource type - Microsoft Graph v1.0 - Microsoft Learn |
| Graph Explorer | Open in Graph Explorer |