|
| 1 | +--- |
| 2 | +title: Using a YubiKey USB device in a Hyper-V virtual machine |
| 3 | +description: Provides guidance on using a YubiKey USB device for hardware encryption in a Hyper-V virtual machine (VM). |
| 4 | +ms.date: 08/14/2025 |
| 5 | +manager: dcscontentpm |
| 6 | +audience: itpro |
| 7 | +ms.topic: troubleshooting |
| 8 | +ms.reviewer: kaushika, simonw, v-lianna |
| 9 | +ms.custom: |
| 10 | +- sap:virtualization and hyper-v\installation and configuration of hyper-v |
| 11 | +- pcy:WinComm Storage High Avail |
| 12 | +--- |
| 13 | +# Using a YubiKey USB device in a Hyper-V virtual machine |
| 14 | + |
| 15 | +This article provides guidance on using a YubiKey USB device for hardware encryption in a Hyper-V virtual machine (VM). It explains how to achieve USB passthrough in Hyper-V, a feature that is not natively supported, and provides alternative methods to enable this functionality. |
| 16 | + |
| 17 | +## Prerequisites |
| 18 | + |
| 19 | +Before proceeding, ensure the following: |
| 20 | + |
| 21 | +* You have administrative access to both the Hyper-V host and the VM. |
| 22 | +* The YubiKey USB device is connected to the Hyper-V host. |
| 23 | +* The VM is running an operating system that supports the YubiKey. |
| 24 | +* Remote Desktop Protocol (RDP) is enabled on the VM if using the RDP method. |
| 25 | + |
| 26 | +## Symptoms |
| 27 | + |
| 28 | +When using Hyper-V, you may encounter the following issue: |
| 29 | + |
| 30 | +* The USB device (YubiKey) does not appear in the VM or cannot be accessed, even though it is connected to the Hyper-V host. |
| 31 | + |
| 32 | +This occurs because Hyper-V does not natively support USB passthrough to virtual machines. |
| 33 | + |
| 34 | +## Cause |
| 35 | + |
| 36 | +Hyper-V does not include built-in support for USB passthrough. This limitation prevents USB devices connected to the host from being directly accessed by the VM. Users who are accustomed to this functionality in other virtualization platforms, such as VMware, may need clarification on how to achieve similar results in Hyper-V. |
| 37 | + |
| 38 | +## Solution 1: Using Enhanced Session Mode |
| 39 | + |
| 40 | +Enhanced Session Mode enables interaction between the host and the VM, allowing USB devices to be redirected to the VM. |
| 41 | + |
| 42 | +1. Open **Hyper-V Manager** on the host. |
| 43 | +2. Select the Hyper-V host in the left-hand pane. |
| 44 | +3. In the right-hand pane, click **Hyper-V Settings**. |
| 45 | +4. Under **Server**, ensure that **Enhanced Session Mode Policy** is enabled. |
| 46 | +5. Under **User**, ensure that **Enhanced Session Mode** is enabled. |
| 47 | +6. Start the VM you want to connect the YubiKey to. |
| 48 | +7. Once the VM is running, open it in Enhanced Session Mode: |
| 49 | + |
| 50 | + * Close the VM window if it is already open. |
| 51 | + * Reconnect to the VM and select **Show Options**. |
| 52 | + * Navigate to the **Local Resources** tab. |
| 53 | + * Under **Local devices and resources**, click **More**. |
| 54 | + * Expand the **Other supported Plug and Play (PnP) devices** section and select the YubiKey device. |
| 55 | + * Click **OK** and reconnect to the VM. |
| 56 | + |
| 57 | +The YubiKey should now be accessible in the VM. |
| 58 | + |
| 59 | +## Solution 2: Using Remote Desktop Protocol (RDP) |
| 60 | + |
| 61 | +RDP allows USB devices connected to the host to be redirected to the VM. |
| 62 | + |
| 63 | +1. Configure the VM to allow RDP connections: |
| 64 | + |
| 65 | + * Log in to the VM and enable Remote Desktop in the system settings. |
| 66 | + * Allow the necessary firewall rules for Remote Desktop. |
| 67 | + |
| 68 | +2. From the Hyper-V host, open the **Remote Desktop Connection** application. |
| 69 | +3. In the RDP connection window, click **Show Options**. |
| 70 | +4. Navigate to the **Local Resources** tab. |
| 71 | +5. Under **Local devices and resources**, click **More**. |
| 72 | +6. Expand the **Other supported Plug and Play (PnP) devices** section and select the YubiKey device. |
| 73 | +7. Click **OK** and connect to the VM using RDP. |
| 74 | + |
| 75 | +Once connected via RDP, the YubiKey will be redirected and available in the VM. |
| 76 | + |
| 77 | +## Determine the cause of the problem |
| 78 | + |
| 79 | +If neither solution resolves the issue, consider the following: |
| 80 | + |
| 81 | +* Verify that the YubiKey is supported by the VM's operating system. |
| 82 | +* Ensure that the USB device is functioning correctly on the host machine. |
| 83 | +* Check for any additional configuration requirements specific to the YubiKey model. |
| 84 | + |
| 85 | +By following the steps outlined in this article, you can enable the use of a YubiKey USB device in a Hyper-V virtual machine. For further assistance, consult the YubiKey documentation or contact Microsoft Support. |
0 commit comments