Hello,
So I've enabled the smart card services on Win 2k19 and installed IIS. I've also enabled the GPO for smart-card authentication and Windows Hello for Business on the server. Could someone provide a step-by-step on actually enrolling the Yubi key? I have joined the domain on a Windows 10 Enterprise laptop but it doesn't seem to want to use the Yubi key for login.
I also have a FIDO2 compatible USB key , but it seems that it's only valid for use when logging onto websites and not the computer.
I'm very new to this, so any help would be appreciated. I've tried to follow the guides from Microsoft, but my test environment is only on-premise. My production environment is Azure-AD hybrid. I'm trying to enable this ONLY for my user as a test and do not want to make GPO that affect the entire domain, which is why I setup a test server. I'm not sure how to get this done in the production environment without affecting ALL users, which is not what I am wanting to do.
The tutorials I've found from the vendor are out of date and I'm trying to get this to work for an on-premise AD configuration. I want to use either the Yubi 4 key or the FIDO2 key. The Yubi 4 key doesn't seem to be compatible with Windows Hello, but the FIDO key only works for web browser logins - not for logging into Windows.
Thanks,
Gabriel