Configuring this is easy enough, and I was able to do so over the weekend because YubiKey had been kind enough to send me a YubiKey 5 Series hardware security key; Microsoft enabled this functionality on the Microsoft account website last week.
This won't work beyond personal accounts for a while. For now, Microsoft is only supporting password-less sign-in through Microsoft Edge, so if you're committed to another browser, you'll need to sit this out for now. The user only has to press a button on the security key to log into a website if they use a browser (such as Edge) that supports the WebAuthn web API, which connects the FIDO 2 hardware to a website's server.
For those unfamiliar, FIDO2 authentication keys are standard-based devices that allow users to sign in to online services without a password.
Identify what type of security key you have (USB or NFC) and select Next.
Earlier this year, Microsoft announced that it was adding support for FIDO2 security key authentication to Windows 10.
You will be redirected to the setup experience, where you will insert or tap your security key.
If you're sick of creating, remembering, and entering passwords, you're not alone: Microsoft is now on your side. The physical possession of your security key or biometric authentication via Windows Hello is required for accessing the services.
The no-password login overcomes weaknesses in accounts and passwords by relying on private, unique, complex information stored within the USB keys.
Once you've have completed these steps, you will now see "Sign in with Windows Hello or a security key" when you attempt to login to Microsoft services.
FIDO2 devices protect your account by utilizing a private/public encryption key pair that is created by the security key.
At the Additional Security Options page, scroll down and under the section "Windows Hello and security keys" click on the Set up a security key link.
If you are not using a FIDO2 compatible key, Microsoft will display a message stating that the key is not compatible.