IMPORTANT: The function "Lock Computer when token is removed" inside SES or SDWeb doesn't work with PIV cards as for example Yubikey.
However there is an option within Windows which might somehow enable that.
The standard way to set up this behavior in Windows is by using the native smart card removal policy. This works when your YubiKey is utilized for Windows login with its PIV (Personal Identity Verification) functionality, making it act like a smart card.
The Yubico Support article, titled "Troubleshooting the smart card removal policy," outlines the requirements and troubleshooting steps for this method.
Steps based on the search results, often mentioned by Yubico support:
Configure the Security Policy:
Open the Local Security Policy editor (run
gpedit.mscas an administrator, or use Group Policy Management for a domain environment).Navigate to:
Computer Configuration$\$rightarrowWindows Settings$\$rightarrowSecurity Settings$\$rightarrowLocal Policies$\$rightarrowSecurity Options.Find the setting: "Interactive logon: Smart card removal behavior".
Set this value to "Lock Workstation" (or "Force Logoff" if you prefer to end the session entirely).
Verify the Service is Running:
The lock behavior depends on the "Smart Card Removal Policy" service.
Open the Services management console (run
services.msc).Locate the "Smart Card Removal Policy" service.
Ensure its Startup type is set to Automatic (or Automatic (Delayed Start) to prevent immediate lockouts right after logging in) and that the service is running.
If you have configured your YubiKey for PIV-based Windows login, this method uses the built-in Windows functionality that the key supports.
Yubico information:
Troubleshooting the smart card removal policy
Microsoft information:
smart card removal policy service
smart card removal policy not working