AAD conditional access with U2F token

Options

1. Windows Hello companion
2. AAD third party MFA provider (e.g. RSA, Duo and Trusona)

First try with Duo

Prerequisites

1. Azure AD tenant with AAD Premium P2
2. U2F security token (e.g. YubiKey 4)
3. Free Duo Trial

Configuration

I will not cover this, Duo has a great documentation which you should refer to.

User experience — setup

As soon as the conditional access rule has been activated, the user will be prompted for registration with Duo the next time he tries to log in.

Choose U2F token

U2F token will be detected (requires browser supported by Duo)

User experience — sign-in