Windows 11 ARM VM running in macOS Parallels does not support FIDO2 token workstation login

Discussion in 'Windows Guest OS Discussion' started by WillQ, Oct 26, 2022.

  1. WillQ

    For context:

    macOS Monterey 12.6 on an M1 Mac
    Parallels Virtualization version 18.0.3
    VM is Windows 11 Insider Preview, ARM architecture.

    My goal was to test DESKTOP login using a FIDO2 hardware security token with a provisioned FIDO2 credential.
    1. Joined Windows 11 ARM VM to Azure
    2. Configured Azure properly for FIDO2 auth (passwordless auth)
    3. Confirmed that it was joined and I could log in using a user via username/password
    4. Initially, logged out and went to sign in with a FIDO2 hardware token and could not; I was never shown the FIDO2 option for authentication (see picture, no icon in sign-in options)
    5. Triaged the issue, set the registry setting HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device\DevicePasswordLessBuildVersion to 2
    6. Tried to play with USB re-direction on VM, but it would never present the option to login with a FIDO2 token
    7. The FIDO2 token DOES WORK inside a browser; you can use the token to log in to your MSFT account. Any browser interactions with FIDO2 hardware tokens are supported.
    8. In the picture below, note that there is no icon for FIDO2 tokens.
    My question is:
    1. Does macOS Parallels virtualization NOT support FIDO2 auth via a Windows 11 VM?
    2. Or is it that Windows 11 ARM insider preview does not have FIDO2 capability natively and therefore it won't work with any security key at desktop login?
