Are the YubiKey tokens you have purchased in OATH-HOTP mode or Yubico OTP mode? The separate procedures for these two types of YubiKeys are outlined in the Defender 5.8.2 AdminGuide, Chapter 3 - Configuring security tokens.
If the YubiKeys are programmed in OATH-HOTP mode (as evidenced by them being imported into the admin console), you need to set the management portal to OATH-Compliant (NOT YubiKey) and then enter the serial number in the "Enter token serial number" field. The user should then be prompted for the OTP.
The serial number (7 digits) is on the sticker on the actual YubiKey device.
If the token user sees the "Enter YubiKey one-time password" field, enters the token code generated by pressing the button on the YubiKey, and then sees the error message "Error in the application.", the Defender self-registry management console is configured with "YubiKey Token". This will not work because the YubiKeys are programmed in OATH-HOTP mode (as evidenced by them being imported into the admin console). That is why the Defender admin needs to configure the Defender Management self-registration portal to "OATH-Compliant".
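
One way to answer the mode question above before touching the portal setting, shown as an added example that is not from the Defender documentation: capture one button press in a text editor and classify it. It assumes a Yubico OTP slot emits 32 to 64 ModHex characters (44 with the default 12-character public ID) and an OATH-HOTP slot emits a bare 6- or 8-digit code; `hotp` follows RFC 4226, and the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import re
import struct

MODHEX = "cbdefghijklnrtuv"  # Yubico's keyboard-layout-safe hex alphabet


def classify_output(sample: str) -> str:
    """Guess the slot mode from one button press captured as text."""
    s = sample.strip().lower()
    if 32 <= len(s) <= 64 and all(ch in MODHEX for ch in s):
        return "yubico-otp"   # optional public ID + 32-char encrypted part
    if re.fullmatch(r"\d{6}|\d{8}", s):
        return "oath-hotp"    # plain HOTP value, no token identifier prefix
    return "unknown"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for a single counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def find_counter(secret: bytes, code: str, start: int, window: int = 10):
    """Return the counter matching `code` inside the look-ahead window, else None."""
    for counter in range(start, start + window):
        if hmac.compare_digest(hotp(secret, counter, len(code)), code):
            return counter
    return None


if __name__ == "__main__":
    rfc_secret = b"12345678901234567890"     # RFC 4226 test secret, not a real token
    constructed_yubico = "c" * 12 + MODHEX * 2  # constructed 44-char ModHex sample
    for press in ("755224", constructed_yubico, "1234567"):
        print(press, "->", classify_output(press))
    print("counter for 520489:", find_counter(rfc_secret, "520489", start=5))
```

A sample classified as `oath-hotp` corresponds to the "OATH-Compliant" portal setting described above; `yubico-otp` corresponds to the "YubiKey Token" setting.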