Passkeys in Bluetooth-restricted environments

For passkey cross-device authentication scenarios, both the Windows device and the mobile device must have Bluetooth enabled and connected to the Internet.

Bluetooth required:

For passkey cross-device authentication scenarios, both the Windows device and the mobile device must have Bluetooth enabled and connected to the Internet. This allows the user to authorize another device securely over Bluetooth without transferring or copying the passkey itself.

Some organizations restrict Bluetooth usage, which includes the use of passkeys.
In such cases, organizations can allow passkeys by permitting Bluetooth pairing exclusively with passkey-enabled FIDO2 authenticators.

To limit the use of Bluetooth to only passkey use cases, use the Bluetooth Policy CSP
and the DeviceInstallation Policy CSP.

For more information please refer to Microsoft Windows Support Article

Whitelisting of domains: 

For passkeys to work correctly, certain domains must be accessible. Please make sure that the following domains are enabled in the proxy or firewall.
  • https://auth.trustservices.swisscom.com

Alternative option:

Security key If the above measures are not possible, a FIDO security key such as YubiKey can be used as a hardware-based alternative – once access to USB ports is allowed.