> ## Documentation Index
> Fetch the complete documentation index at: https://docs.truu.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Enable TruU FIDO2 Login for Windows

> This is a step-by-step guide as to how one enables the TruU FIDO2 key login for Windows using Intune or GPO

**Enable TruU FIDO2 Key Login for Windows via Intune**

* **Open the Intune Admin Console** and navigate to the **Devices tab**.

<img src="https://mintcdn.com/truu-2/m22YLP0oXSNG0U3O/images/docs/7f84bff06595ad962ae89814e1a8d6631e25db8a4136fd7e78e07e31216b7c94-1.png?fit=max&auto=format&n=m22YLP0oXSNG0U3O&q=85&s=f193e29b5d8b201314b6a8820eef27ad" alt="" width="1924" height="814" data-path="images/docs/7f84bff06595ad962ae89814e1a8d6631e25db8a4136fd7e78e07e31216b7c94-1.png" />

* Under the **Manage Devices** section, choose **Configuration**, then click Create, followed by **New Policy**.

<img src="https://mintcdn.com/truu-2/E6hYbyLPrBHWbQ3m/images/docs/ccbf4ef10cfb33c1ff3560b4a4dc21f8bbbc8fc7bbb1473834176ee93b192726-2.png?fit=max&auto=format&n=E6hYbyLPrBHWbQ3m&q=85&s=2e2f663bd06cd5263260a0318eb3cdc3" alt="" width="1912" height="769" data-path="images/docs/ccbf4ef10cfb33c1ff3560b4a4dc21f8bbbc8fc7bbb1473834176ee93b192726-2.png" />

* In the **Platform dropdown**, select **Windows 10 and later**. For the **Profile type**, select **Settings catalog** and then click **Create**.

<img src="https://mintcdn.com/truu-2/rjjBxA7Z_Wk_-34G/images/docs/d8ff8c30a925643082c529e0c00d2fd76d87ef4b1865bd276e813e6d38474e08-3.png?fit=max&auto=format&n=rjjBxA7Z_Wk_-34G&q=85&s=d3bc73e253802012b986346a04ada7c9" alt="" width="1582" height="768" data-path="images/docs/d8ff8c30a925643082c529e0c00d2fd76d87ef4b1865bd276e813e6d38474e08-3.png" />

* Enter a name for the policy, such as **Enable TruU FIDO2 Logon for Windows**, and click **Next**.

<img src="https://mintcdn.com/truu-2/L38yxuvvUa8uAW5I/images/docs/087337ce10aa863baedacee94e6baef431739739c030e80da1cf4e4179174772-4.png?fit=max&auto=format&n=L38yxuvvUa8uAW5I&q=85&s=d044e25de27aff5ff4699d706e0ca195" alt="" width="1200" height="768" data-path="images/docs/087337ce10aa863baedacee94e6baef431739739c030e80da1cf4e4179174772-4.png" />

* Click **Add Settings**. In the **Settings picker**, search for and select **Windows Hello for Business**. From the available options in that category, choose **Use Security Key for Sign-in**.

<img src="https://mintcdn.com/truu-2/ehCBQgFdl_pQd0MN/images/docs/affb6d8e053940101aebe0476c8aa2bf3c66e17b9a2aaafa7772e2330acd33be-5.1.png?fit=max&auto=format&n=ehCBQgFdl_pQd0MN&q=85&s=00a0af5ea2b420af4bc697d74b676c59" alt="" width="1282" height="819" data-path="images/docs/affb6d8e053940101aebe0476c8aa2bf3c66e17b9a2aaafa7772e2330acd33be-5.1.png" />

* **Note**: Ensure the **Use Security Key for Sign-in setting** is set to **Enabled** and Click **Next**.

<img src="https://mintcdn.com/truu-2/qCK1oWL4jNpZKJ8A/images/docs/937edb04a89a61c4ec46900c8279aac25441591663e8733f8ff0d3c434db74ff-6.png?fit=max&auto=format&n=qCK1oWL4jNpZKJ8A&q=85&s=d73cc4b3687dec87ac97316014c1da1d" alt="" width="1165" height="814" data-path="images/docs/937edb04a89a61c4ec46900c8279aac25441591663e8733f8ff0d3c434db74ff-6.png" />

* Click **Next**.

<img src="https://mintcdn.com/truu-2/m22YLP0oXSNG0U3O/images/docs/700fa05ad3c910305daab09eb669282b2daf8a9b5229e76b1df846611ce20d2b-7.png?fit=max&auto=format&n=m22YLP0oXSNG0U3O&q=85&s=be5abaf0cb460eaea247e81c8aa9481f" alt="" width="1192" height="816" data-path="images/docs/700fa05ad3c910305daab09eb669282b2daf8a9b5229e76b1df846611ce20d2b-7.png" />

* On the assignment screen, choose **Add all devices**, then click **Next**

<img src="https://mintcdn.com/truu-2/E6hYbyLPrBHWbQ3m/images/docs/c6fda9b039b0c83acc7d01dc7afa0588cbf759f6b87876a60c654d2af494fcbe-8.png?fit=max&auto=format&n=E6hYbyLPrBHWbQ3m&q=85&s=d9a50889e654ee829716126e3c4d26e0" alt="" width="1579" height="817" data-path="images/docs/c6fda9b039b0c83acc7d01dc7afa0588cbf759f6b87876a60c654d2af494fcbe-8.png" />

* Finally, click **Create** to deploy the policy.

<img src="https://mintcdn.com/truu-2/YlfY4z_3_-uDkBaP/images/docs/5908186294093c64093dccf24a43beb0ecca080db4384e3febef0bb873a555ab-9.png?fit=max&auto=format&n=YlfY4z_3_-uDkBaP&q=85&s=099a93828c47794396ce367fd4e43788" alt="" width="1119" height="819" data-path="images/docs/5908186294093c64093dccf24a43beb0ecca080db4384e3febef0bb873a555ab-9.png" />

**There are 2 options to enable security sign-in on the Windows machine**

**1. Enable security key sign-in with Group Policy**

* Press the **Windows key** and type **gpedit**, then select **Run as Administrator**.
* When prompted, click **Yes** to allow the app to run in elevated mode.

<img src="https://mintcdn.com/truu-2/E6hYbyLPrBHWbQ3m/images/docs/bbc42fc74d2a7191699d0da53d33f965a6dfadc5c7c4ca1beba4f19c897beae9-11.png?fit=max&auto=format&n=E6hYbyLPrBHWbQ3m&q=85&s=8091830fdef2dba74085308b4fadd413" alt="" width="1153" height="910" data-path="images/docs/bbc42fc74d2a7191699d0da53d33f965a6dfadc5c7c4ca1beba4f19c897beae9-11.png" />

* In the **Group Policy Editor**, navigate to: **Computer Configuration → Administrative Templates → System → Logon→Turn on security key sign-in**

<img src="https://mintcdn.com/truu-2/L38yxuvvUa8uAW5I/images/docs/0cf246a4264e2f3f78e10d464aea3eca355b6e301cd5f4a28fb76659b1cddfba-1.png?fit=max&auto=format&n=L38yxuvvUa8uAW5I&q=85&s=1b052137de5753d0338e6c8793aeaf64" alt="" width="1126" height="786" data-path="images/docs/0cf246a4264e2f3f78e10d464aea3eca355b6e301cd5f4a28fb76659b1cddfba-1.png" />

* Double-click on **Turn on security key sign-in**\*\* and set the policy to **Enabled**, then click **OK**.

<img src="https://mintcdn.com/truu-2/qCK1oWL4jNpZKJ8A/images/docs/98719a766afdc6355600e88b61272c45eca9c2e09894b68df1eb3487ed49db47-2.png?fit=max&auto=format&n=qCK1oWL4jNpZKJ8A&q=85&s=d99e4766f88711b89750fead86dd33f0" alt="" width="1026" height="946" data-path="images/docs/98719a766afdc6355600e88b61272c45eca9c2e09894b68df1eb3487ed49db47-2.png" />

* Close the Group Policy Editor and **restart your computer** for the changes to take effect.

**2. Enable security key sign-in by editing the registry using Command Prompt**

* Press the **Windows key** and type `cmd`and select **Run as administrator**
* When prompted, click **Yes** to allow the app to run in elevated mode.

<img src="https://mintcdn.com/truu-2/qCK1oWL4jNpZKJ8A/images/docs/98bec7ba214243d6bb4e7a4d0830479583f45b50447dd75467dfc568060a51a5-3.png?fit=max&auto=format&n=qCK1oWL4jNpZKJ8A&q=85&s=a7eaa5f90f39c8a98892e927bd0c8c4d" alt="" width="1156" height="915" data-path="images/docs/98bec7ba214243d6bb4e7a4d0830479583f45b50447dd75467dfc568060a51a5-3.png" />

* Enter the following input and press **Enter**

```
REG ADD "HKLM\\SOFTWARE\\policies\\Microsoft\\FIDO" /v EnableFIDODeviceLogon /t REG\_DWORD /d 1 /f
```

<img src="https://mintcdn.com/truu-2/jJ0QGEHfTe0CfrEY/images/docs/a8cfe83b-31f5-4a65-a045-f9a5073b0415/718daeaa-7643-4c47-9714-e1873806f877/b0503fac-6d35-421d-9a6f-0b176d27c7ea/images/02b2b8e5-62c5-496f-b689-36374a35278e.png?fit=max&auto=format&n=jJ0QGEHfTe0CfrEY&q=85&s=ce1d915fa0150f6dc59535d33c60476d" alt="" width="571" height="129" data-path="images/docs/a8cfe83b-31f5-4a65-a045-f9a5073b0415/718daeaa-7643-4c47-9714-e1873806f877/b0503fac-6d35-421d-9a6f-0b176d27c7ea/images/02b2b8e5-62c5-496f-b689-36374a35278e.png" />

* Type *exit* to close the Command Prompt.
* Then restart your PC to finish applying the changes.

***

[MacOS: Known Locations Where Users Encounter Password Prompts vs. PIN](/docs/identifying-areas-where-users-encounter-password-prompts-vs-pin)

[MacOS Binding to AD: Consider the Alternatives](/docs/mac-binding-to-ad-consider-the-alternatives)