This can be easily achieved by assigning the Device administrator role to a person, but requires Azure AD Premium licenses. You need local administrator or System privileges on the device.The device you’re configuring needs to be Azure AD-joined.
I choose the above eWBM GoldenGate FIDO2 security key of South Korean origin.
To make FIDO Key sign-in work with an Azure AD account, you’ll need to meet the following requirements: However, a method to achieve the same goal without Microsoft Intune is not part of the documentation… The official Microsoft documentation teaches us that Microsoft Intune is an optional requirement to configure Windows Hello for Business to show the option to display the FIDO security key sign-in method as part of the Sign-in options on the Windows Logon Screen for Azure AD accounts.