I successfully managed to register my NitroKey FIDO2 token with a free Azure subscription, so that it now allows me a passwordless logon to the Azure Portal.
However, when trying the same with an Azure Enterprise subscription, I get the message on the last step of enrolling the key that “this special key type has been blocked by your organisation”.
Enforce attestation was turned on in both environments and as said in the free subscription it did work flawlessly but not in the Enterprise subscription, even though the settings were the same.
I also checked that I have the latest firmware version installed on my NitroKey FIDO2.
Could you please also let me know what the AAGUID for the NitroKey FIDO2 is, so one can try adding and whitelisting this specific one to the list of allowed AAGUIDs.