A user can self-register a YubiKey with their Azure AD account. This is the recommended method for registering a YubiKey as an OATH-TOTP token.
Before you begin
- The user account must be in Azure AD.
- Have a compatible YubiKey.
- Install Yubico Authenticator on your mobile device and/or workstation.
Because the YubiKey does not contain a battery, it cannot track time and requires software to generate OATH-TOTP codes. Yubico provides Yubico Authenticator for all major platforms (Windows, macOS, Android, and iOS) to display the one-time passcodes generated on the YubiKey.
Register a YubiKey
- Open a browser window and navigate to https://myprofile.microsoft.com.
- Sign in to your account.
- Select Security Info in the left navigation or Update Info in the Security Info tile.
- Select Add Method.
- Select Authenticator app.
- Select I want to use a different authenticator app.
- Select Next.
- You will now see a QR code displayed on the screen.
- Insert your YubiKey and open Yubico Authenticator. Select Add or +. If the QR code is visible on screen, Yubico Authenticator fills in the required fields automatically.
- Select Add.
- Double-click the Microsoft entry to copy the code to your clipboard. If successful, the message Code copied to clipboard is displayed.
Note: If you selected Require Touch in the previous step, you must touch your YubiKey to copy the code.
- Back in your browser window, paste the code in the box and click Next.
- Select Done.
You have now successfully registered your YubiKey to your account!