Skip to the main content.

Modernize & Transform

Built to help you reimagine IT operations, empower your workforce, and leverage AI-powered tools to stay ahead of the curve.

Untitled design (3)

Empower My Team

We bring together the best of Microsoft’s cloud ecosystem and productivity tools to help your people thrive.

Untitled design (3)

Build My Infrastructure

We offer a comprehensive suite of infrastructure services tailored to support your business goals today and scale for the future

Untitled design (3)

IT Services

Our managed and co-managed IT service plans deliver a responsive and innovative engagement to support your IT needs, improve employee experience, and drive growth for your business. 

Untitled design (3)

Cybersecurity Services

Sourcepass offers innovative solutions, including SOC, GRC, Security Assessments, and more to protect your business.

Untitled design (3)

Professional Services

Grow your business with cloud migrations, infrastructure refreshes, M&A integrations, staff augmentation, technical assessments, and more.

Untitled design (3)

Resource Library

Stay ahead, stay connected, and discover the future of IT with Sourcepass.

Untitled design (3)

Events & Webinars

Dive into a dynamic calendar of webinars and in-person gatherings designed to illuminate the latest in managed IT services, cybersecurity, and automation.

Untitled design (3)

 

The Sourcepass Story

Sourcepass aims to be different. It is owned and operated by technology, security, and managed services experts who are passionate about delivering an IT experience that clients love.

Untitled design (3)

The Sourcepass Experience

At Sourcepass, we’re rewriting the IT and cybersecurity experience by helping businesses focus on what they do best, while we deliver the infrastructure, insights, and innovation to help them thrive.

Untitled design (3)

 

Step-by-Step Guide to Implementing FIDO2 and Passkeys in Microsoft 365

 
Step-by-Step Guide to Implementing FIDO2 and Passkeys in Microsoft 365

As phishing attacks grow more sophisticated, traditional multi-factor authentication (MFA) methods such as SMS and app-based codes are no longer enough to secure Microsoft 365 accounts. Modern authentication methods—including FIDO2 security keys (like YubiKeys or Windows Hello for Business) and passkeys—offer phishing-resistant protection that dramatically reduces risk.

This step-by-step guide explains how to implement FIDO2 and passkeys in Microsoft 365, enforce secure conditional access policies, and ensure device compliance to protect sensitive accounts.

 

Step 1: Assess Your Current Authentication Setup

Begin by reviewing your organization’s existing MFA configuration. Identify which users are using legacy methods (SMS, email codes, app-based MFA) and prioritize high-risk accounts such as:

  • Global administrators

  • Finance and HR personnel

  • Executives and board members

Mapping current authentication usage ensures a structured migration plan.

 

Step 2: Acquire and Enable FIDO2 or Passkeys

You have two primary deployment paths:

  • FIDO2 Security Keys: Purchase hardware-based keys such as YubiKeys or leverage Windows Hello for Business for built-in biometric sign-in.

  • Passkeys: Use device-bound passkeys that are increasingly supported across Microsoft and partner ecosystems for passwordless login.

Enable FIDO2 or passkeys within the Microsoft Entra admin center under Authentication Methods.

 

Step 3: Configure Conditional Access Policies

Conditional access is critical to enforcing modern authentication methods. Within Microsoft Entra:

  1. Create a policy requiring FIDO2 or passkeys for high-sensitivity accounts.

  2. Require compliant or hybrid-joined devices before granting access.

  3. Block sign-ins from unmanaged or high-risk devices.

  4. Apply step-up authentication for privileged operations.

These policies ensure that only authorized users with phishing-resistant MFA can access critical systems.

 

Step 4: Pilot the Deployment

Roll out FIDO2 keys or passkeys with a small pilot group, typically IT staff and select executives. This allows you to:

  • Validate hardware and device compatibility.

  • Test conditional access enforcement.

  • Refine user onboarding and support processes.

Gather feedback to smooth the wider rollout.

 

Step 5: Expand Organization-Wide

After a successful pilot, extend deployment to all employees. Provide clear instructions, user guides, and IT support to minimize friction. Many SMBs find adoption higher when paired with short training sessions or onboarding workshops.

 

Step 6: Monitor and Optimize Security

Modern authentication is not a one-time project—it requires ongoing monitoring. Use Microsoft Defender for 365 and Microsoft Entra reporting tools to:

  • Track adoption rates of FIDO2 and passkeys.

  • Detect unauthorized MFA registrations.

  • Identify risky sign-ins and automate remediation.

Regular reviews ensure that your MFA policies evolve alongside emerging threats.

 

Conclusion

Implementing FIDO2 and passkeys in Microsoft 365 provides SMBs with a practical, secure way to defend against phishing and token theft. By assessing current MFA, enabling FIDO2 methods, enforcing conditional access, piloting the rollout, and monitoring adoption, organizations can dramatically improve their security posture while streamlining the login experience.

Modern authentication is more than a technology upgrade—it is a strategic safeguard for your business.