EZCMS best practices recommend that all hardware tokens (Yubikey, FIDO2 Keys, and Smartcards) issued are pre-registered by your organization. This pre-registration allows you to keep track of your inventory as well as preventing supply chain attacks where you send the keys to the user and someone changes the key for a compromised Key.