I want to use my FIDO2 key as a logon option in Azure AD.
According to these release notes:
the actual firmware should support “AAGUID”, which I need for unlocking the Nitrokey FIDO2 keys in Azure AD, because only certain key types should be allowed (Restrict specific keys).
I could not find any docs like for the YubiKeys in your forum, Q&A, …
Sorry for the confusion. The pasted AAGUID is encoded in the DER format, where the first two bytes mean type and length of the data respectively. The actual AAGUID is:
C3 9E FB A6 FC F4 4C 3E 82 8B FC 4A 61 15 A0 FF, or
c39efba6-fcf4-4c3e-828b-fc4a6115a0ff
And this is what is returned to the host on the query. Source code.
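
The header stripping described in the reply above, as an added example that is not part of the original posts or of the Nitrokey source code. It assumes the two leading bytes are `04 10` (DER OCTET STRING tag, length 16); the sample input is constructed by prepending that assumed header to the AAGUID quoted in the thread.

```python
import uuid

OCTET_STRING_TAG = 0x04   # assumed DER type byte for the AAGUID value
AAGUID_LEN = 16           # an AAGUID is always 16 bytes

# Constructed sample: assumed header "04 10" + the AAGUID from the thread.
SAMPLE_DER = "04 10 C3 9E FB A6 FC F4 4C 3E 82 8B FC 4A 61 15 A0 FF"


def aaguid_from_hex(hex_text: str) -> str:
    """Return the AAGUID in the hyphenated form used by key-restriction lists.

    Accepts either the bare 16-byte AAGUID or the DER-wrapped value
    (type byte, length byte, 16 value bytes), written as hex with
    optional spaces, colons or hyphens.
    """
    cleaned = hex_text.replace(":", " ").replace("-", " ")
    data = bytes.fromhex("".join(cleaned.split()))

    if len(data) == AAGUID_LEN:
        # Already the bare value, nothing to strip.
        return str(uuid.UUID(bytes=data))

    if len(data) < 2:
        raise ValueError("too short to hold a DER type and length")
    tag, length = data[0], data[1]
    value = data[2:]

    if tag != OCTET_STRING_TAG:
        raise ValueError(f"unexpected DER type 0x{tag:02x}")
    if length & 0x80:
        raise ValueError("long-form DER length is not valid for 16 bytes")
    if length != len(value):
        raise ValueError("DER length byte does not match the data")
    if length != AAGUID_LEN:
        raise ValueError("value is not a 16-byte AAGUID")

    return str(uuid.UUID(bytes=value))


if __name__ == "__main__":
    print(aaguid_from_hex(SAMPLE_DER))
```
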