SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers
United States
Albert biketi chief technology officer at yubico
#
Data Protection
#
MFA
#
Cloud Security

Yubico expands YubiKey enrolment for Microsoft, Ping

Mon, 23rd Mar 2026
Author image
By Joseph Gabriel Lagonsin, News Editor

Yubico has expanded its enrolment services for YubiKey deployments in Microsoft and Ping Identity environments.

The move extends its YubiKey as a Service offer to include in-field enrolment and account recovery for customers using Entra ID and PingOne PingID.

The update gives organisations new ways to issue and register hardware security keys as they move to passwordless authentication. It is intended to simplify setup for IT teams and other internal departments handling onboarding and access recovery.

A new Android application, YubiKey as a Service - Enrol, is part of the expansion. Now in Limited Early Access, it is designed to let organisations register YubiKeys on behalf of users, including new hires and existing employees.

The final version is planned to be available both as a standalone app and as a software development kit, allowing companies to build enrolment and recovery into their internal systems. That would give IT and HR teams a more direct role in issuing keys and managing user access.

Service options

The enrolment package now includes three approaches. One is FIDO Pre-reg, a managed service under which pre-enrolled YubiKeys are configured with user credentials before being shipped to employees.

The service is already generally available with Okta and Versasec, while Microsoft support is in early access. The model is intended to reduce the workload for internal technology teams by handling preparation before delivery.

A second option is the Enrol app and SDK for onsite use. It is designed for organisations that want staff to prepare and assign keys directly during onboarding or account recovery.

The third option is YubiEnrol, a command-line tool aimed at technical teams and partners. Yubico described it as a free option for cases where teams need to enrol YubiKeys quickly or where managed delivery services are not available.

The broader range of options is intended to suit different operating models, from centrally managed deployments to local enrolment by internal teams. Organisations will also be able to reset and reassign keys when employees change roles or leave.

Microsoft focus

The rollout places particular emphasis on organisations using Microsoft and Ping Identity products, supporting enrolment and recovery in Entra ID and PingOne PingID environments.

For businesses moving away from passwords, user registration and recovery often remain difficult parts of deployment, especially when workers are spread across multiple locations. Hardware keys can reduce exposure to phishing attacks, but issuing and managing them at scale can add administrative work.

The service includes encrypted enrolment, backend provisioning, auditing of activation events, and flexible delivery methods. Organisations can ship keys directly or use logistics providers and distributors for fulfilment.

Albert Biketi, chief product and technology officer at Yubico, said the company was responding to pressure on organisations to replace passwords while reducing exposure to credential theft.

"As cyber attacks become more sophisticated, organisations are increasingly seeking faster ways to eliminate passwords and protect users from phishing-based credential theft," Biketi said.

He said the new options were intended to make key registration easier for managers and internal teams.

"The expansion of YubiKey as a Service, with these new Enrolment service options, makes it easier for IT or business line managers to easily enrol and recover YubiKeys for their users. It also gives organisations the flexibility to integrate YubiKey deployment directly into their existing workflows, fast-tracking passwordless adoption and strengthening security across the enterprise," he said.

Yubico, based in Stockholm, Santa Clara, and Singapore, focuses on hardware-backed authentication and has been involved in the development of the FIDO2, WebAuthn, and FIDO U2F standards. Its technology is used in more than 160 countries.

The latest change addresses a practical challenge in passwordless rollouts: getting physical security keys into employees' hands and linking them to accounts without creating delays for IT teams.

Related stories
OpenAI launches Trusted Access for Cyber with major names
Anthropic launches Claude Opus 4.7 with stronger coding
Cyber insurance now common among North American SMBs
CIQ launches Linux compliance platform ahead of deadlines
Emerson & OPSWAT strike global reseller deal for OT patching

Top stories

Team Cymru launches Total Insights Feeds for threat data
FIRST conference highlights AI & CVE disclosure push
Protegrity launches AI Team Edition for secure inferencing
Autonomize launches healthcare AI platform version 3
CERN joins OpenSearch foundation as associate member