Azure AD Now Supports FIDO2 Security Keys on Safari on iOS


In a significant development for iOS users, Microsoft Azure Active Directory (AD) has expanded its support for FIDO2 security keys on the Safari browser. This advancement is a crucial step towards enhancing security and usability on Apple's mobile devices, ensuring seamless authentication experiences for Azure AD users. With FIDO2 security keys, users can now enjoy passwordless access to their Azure AD accounts, boosting convenience and significantly reducing the risk of password-related attacks. Let's dive deeper into this exciting development and explore the benefits it brings to iOS users.

Historically, Safari on iOS has limited support for FIDO2 security keys, which has posed challenges for users seeking passwordless authentication options. However, Microsoft has worked diligently to bridge this gap, and the recent expansion of Azure AD's support for FIDO2 security keys on Safari for iOS devices marks a significant milestone.

With this development, iOS users can now leverage FIDO2 security keys to authenticate themselves seamlessly with Azure AD accounts while using Safari as their preferred browser. Whether accessing corporate resources, collaborating on documents, or managing applications, users can rely on their security keys for secure and convenient authentication.


While the expanded support for FIDO2 security keys on Safari for iOS is a significant step forward, it's important to note that there is still no support for the embedded browser, such as the one used to add an Outlook account to the Apple Native Mail app.

Supported FIDO2 keys

Azure AD's expanded support for FIDO2 security keys on Safari for iOS brings passwordless authentication to a wide range of Apple devices. Depending on the device type, specific FIDO2 key options are available to ensure seamless and secure authentication experiences.
iPhones with NFC Support
For iPhones that come equipped with Near Field Communication (NFC) capabilities, FIDO2 security keys with NFC functionality can be used. These keys can be easily tapped against the back of the iPhone to initiate the authentication process. The NFC feature simplifies the authentication experience, making it convenient and user-friendly.
iPads with USB-C Ports
iPads featuring USB-C ports can utilize FIDO2 security keys with USB Type-C connectors. These keys can be directly connected to the iPad's USB-C port, allowing for seamless passwordless authentication. The USB-C support ensures a fast and reliable connection, enhancing the overall user experience.
Adapters for Other Use Cases
For other iOS devices, such as older iPhones or iPads without NFC or USB-C ports, FIDO2 security keys can still be used with the help of USB to iOS port adapters. These adapters enable the connection between the FIDO2 key's USB interface and the port on the iOS device. By leveraging these adapters, users can enjoy passwordless authentication even on devices that don't have built-in NFC or USB-C support.

Update 29/06/2023

Microsoft has officially added iOS browser support on its website. The matrix now looks like the following:

Update 16/12/2023

In a recent update from Microsoft, it's been revealed that the public preview of FIDO2 authentication is now available for iOS and macOS users. This means that individuals with apps like Microsoft Authenticator installed on iOS or Microsoft Intune Company Portal on macOS can seamlessly sign into Microsoft applications using a FIDO2 security key. This feature is currently accessible on iOS and is anticipated to roll out for macOS early next year. This enhancement aligns with Microsoft's commitment to advancing secure and user-friendly authentication across various platforms. Native app support matrix is currently looking like below:


Did you know?

Token2 is offering currently the most secure FIDO2 keys for enterprise customers, known as the PIN+ Series FIDO2 keys. These keys, certified by the FIDO alliance, enforce PIN complexity at the firmware level. This unique feature is not available with other keys, even those marked as FIPS-certified.