Working with a FIDO2 security key in a virtual machine

I have multiple Microsoft 365 tenants which I’m working with. And in these tenants I use FIDO2 security keys, to keep things safe, but also to test different scenarios for example to create blog posts. When I want the test the logon experience to Windows with a FIDO2 USB key that requires the use of physical hardware. But as I’m just a poor guy, I don’t have the hardware to join a physical device for every scenario I want to, in every tenant I have. And besides that, using a VM is also handy when creating screenshots or videos of the logon experience with a key.
So I was looking for a solution to use the FIDO keys in my Hyper-V virtual machines. Maybe I can’t search quite well, but I couldn’t find a solution to map the USB key to the guest with Hyper-V.

Fortunately, another (free for noncommercial use) virtualization program does support mapping USB-connected stuff in the VM guest: VirtualBox! And it even does run fine on Windows 10 (tested on 20H2) next to Hyper-V.

It’s pretty simple to use a USB device in VirtualBox, I show the few steps below.

Configure VirtualBox

VirtualBox can be downloaded from this site.

The installation is straightforward, so is creating a VM in VirtualBox.

Make sure the FIDO2 security key is connected to your host machine.
When you have you’re VM up and running, open Settings (via Machine or directly from the VirtualBox Manager). On the USB tab, make sure Enable USB controller is checked.



On the right side, click the USB icon with the plus sign and select the key from the list. In this case, that’s the FS BioPassFIDO2 [1402].

The key is shown in the list. Click OK.



When the VM is turned on, choose USB in the menu and select the previously added key.




The device might need a reboot to get mapped in the VM, but after that, the key is available in the VM and we can see it in Device Manager.

And indeed, it can be used to sign in to the VM which runs Windows.

And we can manage the security key in the VM.

Thanks for reading!

Be the first to comment

Leave a Reply

Your email address will not be published.