FIDO2 security keys are increasingly becoming the "modern smartcard" for organizations that are looking to go passwordless, including those within the Microsoft ecosystem of cloud and hybrid identity. As with Windows Hello for Business (WHfB), they provide the strength of asymmetric key-pair-based authentication. But unlike WHfB, where the key pair is bound to the device's TPM, FIDO2 security keys allow for secure portability of those credentials. The private key still never leaves the FIDO2 security key, but you have the convenience of using the same set of credentials on whatever device you connect it to. At a high level, you can think of them as a "TPM on a stick".
The intention of this site is to continually keep track of the FIDO2 options out there, since all the design choices, features, and options can be dizzying at times. Along with this, a quick review will help you understand which keys stand out and which keys have problems. The focus is on compatibility with Azure Active Directory, even though these keys should work similarly with any identity provider that supports FIDO2 (or FIDO U2F, where the provider supports it).
Before we jump into things, just a few notes: