How To Manage YubiKey and Smart Card Inventory for Entra ID

Overview - How To Manage Key Inventory and Prevent Supply Chain Attacks for Hardware Tokens

EZCMS best practices recommend that your organization pre-register all hardware tokens it issues (YubiKeys, FIDO2 keys, and smart cards). Pre-registration lets you keep track of your inventory and prevents supply chain attacks in which someone swaps the key you sent to a user for a compromised key.

How To Register a Hardware Token for Entra ID Bootstrapping

  1. Open your EZCMS client application.
  2. Log in as an administrator.
  3. Select “Admin Manage Security Tokens”.
  4. Select the “Register Security Tokens” tab.
  5. Connect the smart card you want to register.
  6. Click “Refresh”.
  7. Select the hardware token you want to register.
  8. If you are using a different administration key, enter the key. Most people use the default; this option is for organizations that have custom keys created for them.
  9. Click “Next” to register the hardware token.
  10. This key is now registered in your inventory and can be assigned to a user.