After so much interest from my post on Friday, I figured I’d do one better and make a PowerShell module that does it for you. So now you will be able to find which FIDO2 keys are attestation compatible with Entra right from your terminal. In the very near future I will have individual functions for exporting to Excel, CSV, Markdown, and PDF, but know a lot of people like to customize that themselves. I even put a few quick pointers on GitHub for it too, but will be doing tutorials shortly as well.
I’m still cleaning up the GitHub, but it is in the PowerShell Gallery and on GitHub at the links below.
You are able to search by Brand and/or device type such as USB, NFC, BLE, or BIO. These values are all parameter validated so if you do not see a brand that you have, then currently it is not compatible. Here is also the original link I shared on Friday Microsoft Learn FIDO2 Hardware Attestation.
Let me know what you think and do you find it useful. There are a few other features I want to add, but open to any other suggestions or do you think it is good as is?
And don’t forget the mid Oct deadline is coming up quickly for Entra admin portals, good luck!
PowerShell Gallery: EntraFIDOFinder
GitHub: EntraFIDOFinder