I just installed the Windows 10 1809 update, which includes support for FIDO2 passwordless sign-in. I own a Yubikey 5, which supports this standard. However, I am not able to set up Windows Hello, a prerequisite for FIDO2 sign-in, because my PC motherboard does not have a TPM installed.
Edit: The comments correctly point out that the article does not mention that Windows Hello is a prerequisite. However, the setting "Windows Hello and security keys" mentioned here is not available to me. I assume this is because I have not set up Windows Hello.
According to the same Microsoft blog post,
The private key is stored securely on the device ... [At the same time] the public key is sent to the Microsoft account system in the cloud.
This implies that using FIDO2 login does not store any secrets in the TPM on the motherboard, since the security key stores them (as expected). If this is correct, why does Microsoft require Windows Hello, and therefore a motherboard TPM? If it's an oversight or deliberate corner-cutting, are they likely to fix it any time soon?
Is there any way I might get this to work without purchasing a TPM that I don't need and won't actually use?
(Background: I don't need this feature but I am interested in the technology and would find it fun to try out.)
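The quoted sentence describes the asymmetric split that FIDO2 relies on: the authenticator generates a key pair, keeps the private key, and hands only the public key to the account service, which later proves possession by having the key sign a fresh challenge. The following simulation of that registration-and-assertion flow is an added example, not code from the question, from Microsoft or from Yubico. It stands in a Schnorr signature over a small, constructed prime-order group (so it runs with the standard library alone; a real key uses ECDSA P-256 or Ed25519), and the names `Authenticator`, `RelyingParty`, the rpId `login.example` and the user `alice` are invented for the illustration. It shows the three checks a verifier performs on an assertion (challenge freshness, rpId/origin binding, signature counter), that the account side never holds anything secret, and that the same assertion cannot be replayed.

```python
import hashlib
import hmac
import os
import secrets

# Constructed toy Schnorr group: prime subgroup order Q (Mersenne prime M61), modulus
# P = k*Q + 1 and generator G found at import time. Real keys use P-256 or Ed25519.
Q = (1 << 61) - 1

def _is_probable_prime(n, rounds=32):  # Miller-Rabin, only used to build the toy group
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x not in (1, n - 1) and all((x := pow(x, 2, n)) != n - 1 for _ in range(s - 1)):
            return False  # witness found: n is composite
    return True

def _make_group():
    k = 2
    while not _is_probable_prime(k * Q + 1):
        k += 2
    p = k * Q + 1
    return p, next(pow(h, k, p) for h in range(2, 1000) if pow(h, k, p) != 1)

P, G = _make_group()

def _e(big_r, msg):  # Schnorr challenge: H(R || msg) reduced mod Q
    return int.from_bytes(hashlib.sha256(big_r.to_bytes(16, "big") + msg).digest(), "big") % Q

def schnorr_sign(x, msg):  # textbook Schnorr signature (e, s) on msg under private key x
    r = secrets.randbelow(Q - 1) + 1
    e = _e(pow(G, r, P), msg)
    return e, (r + e * x) % Q

def schnorr_verify(y, msg, sig):  # recompute R = G^s * y^(-e) and check H(R || msg) == e
    e, s = sig
    return 0 <= e < Q and 0 <= s < Q and _e(pow(G, s, P) * pow(y, Q - e, P) % P, msg) == e

def client_data_hash(challenge, origin):  # stand-in for the hash of WebAuthn clientDataJSON
    return hashlib.sha256(b"webauthn.get|" + challenge + b"|" + origin.encode()).digest()

class Authenticator:  # simulated security key: private keys never leave this object
    def __init__(self):
        self._creds = {}  # credential id -> [rp_id, private key, signature counter]
    def make_credential(self, rp_id):
        x = secrets.randbelow(Q - 1) + 1
        cred_id = os.urandom(16)
        self._creds[cred_id] = [rp_id, x, 0]
        return cred_id, pow(G, x, P)  # only the public key goes to the server
    def get_assertion(self, rp_id, cred_id, cd_hash):
        rec = self._creds.get(cred_id)
        if rec is None or rec[0] != rp_id:  # credential is bound to the rpId it was made for
            raise ValueError("no credential for this rpId")
        rec[2] += 1
        auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x05" + rec[2].to_bytes(4, "big")
        return auth_data, schnorr_sign(rec[1], auth_data + cd_hash)

class RelyingParty:  # simulated account service: holds public keys only, issues challenges
    def __init__(self, rp_id):
        self.rp_id, self.users, self._pending = rp_id, {}, {}
    def begin(self, user):
        self._pending[user] = os.urandom(32)
        return self._pending[user]
    def register(self, user, cred_id, pubkey):
        self.users[user] = [cred_id, pubkey, 0]
    def finish_login(self, user, challenge, origin, auth_data, sig):
        expected = self._pending.pop(user, None)  # each challenge is single-use
        cred_id, pubkey, last = self.users[user]
        counter = int.from_bytes(auth_data[33:37], "big")
        ok = (expected is not None and hmac.compare_digest(expected, challenge)
              and origin == "https://" + self.rp_id
              and auth_data[:32] == hashlib.sha256(self.rp_id.encode()).digest()
              and counter > last  # a non-increasing counter suggests a cloned key
              and schnorr_verify(pubkey, auth_data + client_data_hash(challenge, origin), sig))
        if ok:
            self.users[user][2] = counter
        return ok

def run_flow():  # register, sign in once, then show a replay and a phishing origin both fail
    key, rp = Authenticator(), RelyingParty("login.example")
    cred_id, pubkey = key.make_credential(rp.rp_id)
    rp.register("alice", cred_id, pubkey)
    ch, origin = rp.begin("alice"), "https://login.example"
    auth_data, sig = key.get_assertion(rp.rp_id, cred_id, client_data_hash(ch, origin))
    first = rp.finish_login("alice", ch, origin, auth_data, sig)
    replay = rp.finish_login("alice", ch, origin, auth_data, sig)
    try:  # a phishing page would have to ask the key to sign for its own rpId
        key.get_assertion("evil.example", cred_id, client_data_hash(ch, "https://evil.example"))
        refused = False
    except ValueError:
        refused = True
    return {"first_login": first, "replay_rejected": not replay, "wrong_origin_refused": refused}

if __name__ == "__main__":
    print(run_flow())
```

In this model the host PC only relays the challenge and the origin between the browser and the key; nothing in the flow needs a platform-held secret, which is the observation the question makes about the Yubikey holding the private key. Whether Windows additionally wants a TPM for its own platform reasons (Windows Hello's local credential protection) is a separate matter that this simulation does not speak to.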