*For this entry exists the more relevant or more recent entry MC1279092
check before: 2026-04-01
Product:
Entra
Platform:
Online, US Instances, World tenant
Status:
Rolling out
Change type:
Admin impact, New feature, Updated message, User impact
Details:
Summary:
Microsoft has decided not to proceed with adding Passkeys (FIDO2) as an authentication method in Microsoft Registration Campaigns starting April 2026. Previously planned changes, including automatic updates and nudges for MFA-capable users, will not be implemented at this time. Updates are available in MC1279092.
Details:
Updated April 14, 2026: After further review, we have decided not to move forward with this change at this time. You can refer to MC1279092 for updates. We apologize for any inconvenience this may cause and appreciate your understanding.
[Introduction]
As previously announced in MC1221452, Microsoft Registration Campaigns will support Passkeys (FIDO2) as an additional authentication method starting in early April 2026. This update helps organizations accelerate adoption of phishing‑resistant credentials by allowing administrators to opt users into Passkeys and deliver Passkey registration nudges during sign‑in.
Please refer to MC1279092 for updates.
[When this will happen]
General Availability (Worldwide): We will begin rolling out in early April 2026 and expect to complete in late May 2026.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2026-03-17
updated:
2026-04-16
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Please, look at the most relevant linked item for details
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2026-04-16 | MC prepare | Opting into Passkey Registration Nudges:
You can opt into Passkeys and switch your users to receive a Passkey registration nudge. However, the nudge will only appear for the user if all of the following conditions are met: The user is MFA‑capable They have at least one registered MFA method They can successfully complete MFA at sign‑in Under Authentication methods > Policies, the user is in scope for Passkeys (FIDO2) Under Authentication methods > Policies > Passkeys (FIDO2) > Configure, make sure you have Allow self-service set up checked. Important Guidance: Microsoft Managed State: We will roll out these changes incrementally to in-scope tenants starting in early April. This rollout will take time, and even if your tenant meets the eligibility criteria, you may not see the changes immediately. Enabled State Over time, we will incrementally refine the logic for Passkeys nudges in Microsoft Registration Campaigns to guide users toward the appropriate passkey registration experience based on their passkey profile scope. Initially, the logic may not account for every edge‑case scenario, but we are actively expanding and improving it on an ongoing basis. When users have passkey profile restrictions (for example, AAGUID restrictions), the registration experience triggered by the nudge may not be optimal. Using Passkeys Despite Restrictions You can still set Passkeys as the target authentication method in Microsoft Registration Campaigns. However, users may encounter a poor or confusing experience if they have passkey profile restrictions. Example: If a user is scoped into specific AAGUID synced passkeys only, they may see a Passkey nudge at sign‑in. If they attempt to register a device‑bound passkey, the registration will fail because they are not in scope for that passkey type. Recommended next steps Review your Registration Campaign state by early April 2026. Communicate this change to helpdesk or support teams. Update internal documentation on authentication method enrollment. If you prefer to continue targeting Microsoft Authenticator, verify this configuration before rollout. Learn more: How to enable passkey (FIDO2) profiles in Microsoft Entra ID (preview) | Authentication | Microsoft Entra ID | Microsoft Entra | Microsoft Learn https://learn.microsoft.com/entra/identity/authentication/how-to-authentication-passkey-profiles https://portal.prod.iridias.microsofticm.com/messagecenter?id=1279092 | Opting into Passkey Registration Nudges:
You can opt into Passkeys and switch your users to receive a Passkey registration nudge. However, the nudge will only appear for the user if all of the following conditions are met: The user is MFA‑capable They have at least one registered MFA method They can successfully complete MFA at sign‑in Under Authentication methods > Policies, the user is in scope for Passkeys (FIDO2) Under Authentication methods > Policies > Passkeys (FIDO2) > Configure, make sure you have Allow self-service set up checked. Important Guidance: Microsoft Managed State: We will roll out these changes incrementally to in-scope tenants starting in early April. This rollout will take time, and even if your tenant meets the eligibility criteria, you may not see the changes immediately. Enabled State Over time, we will incrementally refine the logic for Passkeys nudges in Microsoft Registration Campaigns to guide users toward the appropriate passkey registration experience based on their passkey profile scope. Initially, the logic may not account for every edge‑case scenario, but we are actively expanding and improving it on an ongoing basis. When users have passkey profile restrictions (for example, AAGUID restrictions), the registration experience triggered by the nudge may not be optimal. Using Passkeys Despite Restrictions You can still set Passkeys as the target authentication method in Microsoft Registration Campaigns. However, users may encounter a poor or confusing experience if they have passkey profile restrictions. Example: If a user is scoped into specific AAGUID synced passkeys only, they may see a Passkey nudge at sign‑in. If they attempt to register a device‑bound passkey, the registration will fail because they are not in scope for that passkey type. Recommended next steps Review your Registration Campaign state by early April 2026. Communicate this change to helpdesk or support teams. Update internal documentation on authentication method enrollment. If you prefer to continue targeting Microsoft Authenticator, verify this configuration before rollout. Learn more: How to enable passkey (FIDO2) profiles in Microsoft Entra ID (preview) | Authentication | Microsoft Entra ID | Microsoft Entra | Microsoft Learn https://learn.microsoft.com/entra/identity/authentication/how-to-authentication-passkey-profiles |
| 2026-04-16 | MC Last Updated | 04/14/2026 20:43:16 | 2026-04-15T18:34:58Z |
| 2026-04-15 | MC Last Updated | 04/09/2026 18:35:37 | 2026-04-14T20:43:16Z |
| 2026-04-15 | MC Messages | Updated April 9, 2026: After further review, we have decided not to move forward with this change at this time. We will communicate via a new Message center post when we are ready to proceed. We apologize for any inconvenience this may cause and appreciate your understanding.
[Introduction] As previously announced in MC1221452, Microsoft Registration Campaigns will support Passkeys (FIDO2) as an additional authentication method starting in early April 2026. This update helps organizations accelerate adoption of phishing‑resistant credentials by allowing administrators to opt users into Passkeys and deliver Passkey registration nudges during sign‑in. [When this will happen] General Availability (Worldwide): We will begin rolling out in early April 2026 and expect to complete in late May 2026. | Updated April 14, 2026: After further review, we have decided not to move forward with this change at this time. You can refer to MC1279092 for updates. We apologize for any inconvenience this may cause and appreciate your understanding.
[Introduction] As previously announced in MC1221452, Microsoft Registration Campaigns will support Passkeys (FIDO2) as an additional authentication method starting in early April 2026. This update helps organizations accelerate adoption of phishing‑resistant credentials by allowing administrators to opt users into Passkeys and deliver Passkey registration nudges during sign‑in. Please refer to MC1279092 for updates. [When this will happen] General Availability (Worldwide): We will begin rolling out in early April 2026 and expect to complete in late May 2026. |
| 2026-04-15 | MC Summary | Microsoft has decided to delay the rollout of Passkeys (FIDO2) support in Microsoft Registration Campaigns initially planned for April 2026. When implemented, it will enable admins to nudge MFA-capable users to register Passkeys, changing default settings and targeting. Organizations should review configurations and prepare accordingly. | Microsoft has decided not to proceed with adding Passkeys (FIDO2) as an authentication method in Microsoft Registration Campaigns starting April 2026. Previously planned changes, including automatic updates and nudges for MFA-capable users, will not be implemented at this time. Updates are available in MC1279092. |
| 2026-04-15 | MC End Time | 04/15/2026 09:00:00 | 2026-04-17T09:00:00Z |
| 2026-04-15 | MC prepare | Opting into Passkey Registration Nudges:
You can opt into Passkeys and switch your users to receive a Passkey registration nudge. However, the nudge will only appear for the user if all of the following conditions are met: The user is MFA‑capable They have at least one registered MFA method They can successfully complete MFA at sign‑in Under Authentication methods > Policies, the user is in scope for Passkeys (FIDO2) Under Authentication methods > Policies > Passkeys (FIDO2) > Configure, make sure you have Allow self-service set up checked. Important Guidance: Microsoft Managed State: We will roll out these changes incrementally to in-scope tenants starting in early April. This rollout will take time, and even if your tenant meets the eligibility criteria, you may not see the changes immediately. Enabled State Over time, we will incrementally refine the logic for Passkeys nudges in Microsoft Registration Campaigns to guide users toward the appropriate passkey registration experience based on their passkey profile scope. Initially, the logic may not account for every edge‑case scenario, but we are actively expanding and improving it on an ongoing basis. When users have passkey profile restrictions (for example, AAGUID restrictions), the registration experience triggered by the nudge may not be optimal. Using Passkeys Despite Restrictions You can still set Passkeys as the target authentication method in Microsoft Registration Campaigns. However, users may encounter a poor or confusing experience if they have passkey profile restrictions. Example: If a user is scoped into specific AAGUID synced passkeys only, they may see a Passkey nudge at sign‑in. If they attempt to register a device‑bound passkey, the registration will fail because they are not in scope for that passkey type. Recommended next steps Review your Registration Campaign state by early April 2026. Communicate this change to helpdesk or support teams. Update internal documentation on authentication method enrollment. If you prefer to continue targeting Microsoft Authenticator, verify this configuration before rollout. Learn more: How to enable passkey (FIDO2) profiles in Microsoft Entra ID (preview) | Authentication | Microsoft Entra ID | Microsoft Entra | Microsoft Learn https://learn.microsoft.com/entra/identity/authentication/how-to-authentication-passkey-profiles | Opting into Passkey Registration Nudges:
You can opt into Passkeys and switch your users to receive a Passkey registration nudge. However, the nudge will only appear for the user if all of the following conditions are met: The user is MFA‑capable They have at least one registered MFA method They can successfully complete MFA at sign‑in Under Authentication methods > Policies, the user is in scope for Passkeys (FIDO2) Under Authentication methods > Policies > Passkeys (FIDO2) > Configure, make sure you have Allow self-service set up checked. Important Guidance: Microsoft Managed State: We will roll out these changes incrementally to in-scope tenants starting in early April. This rollout will take time, and even if your tenant meets the eligibility criteria, you may not see the changes immediately. Enabled State Over time, we will incrementally refine the logic for Passkeys nudges in Microsoft Registration Campaigns to guide users toward the appropriate passkey registration experience based on their passkey profile scope. Initially, the logic may not account for every edge‑case scenario, but we are actively expanding and improving it on an ongoing basis. When users have passkey profile restrictions (for example, AAGUID restrictions), the registration experience triggered by the nudge may not be optimal. Using Passkeys Despite Restrictions You can still set Passkeys as the target authentication method in Microsoft Registration Campaigns. However, users may encounter a poor or confusing experience if they have passkey profile restrictions. Example: If a user is scoped into specific AAGUID synced passkeys only, they may see a Passkey nudge at sign‑in. If they attempt to register a device‑bound passkey, the registration will fail because they are not in scope for that passkey type. Recommended next steps Review your Registration Campaign state by early April 2026. Communicate this change to helpdesk or support teams. Update internal documentation on authentication method enrollment. If you prefer to continue targeting Microsoft Authenticator, verify this configuration before rollout. Learn more: How to enable passkey (FIDO2) profiles in Microsoft Entra ID (preview) | Authentication | Microsoft Entra ID | Microsoft Entra | Microsoft Learn https://learn.microsoft.com/entra/identity/authentication/how-to-authentication-passkey-profiles https://portal.prod.iridias.microsofticm.com/messagecenter?id=1279092 |
| 2026-04-10 | MC MessageTagNames | New feature, User impact, Admin impact | Updated message, New feature, User impact, Admin impact |
| 2026-04-10 | MC Summary | Starting April 2026, Microsoft Registration Campaigns will support Passkeys (FIDO2) as an additional authentication method, enabling phishing-resistant credentials. Eligible Microsoft 365 tenants can opt users into Passkey registration nudges during sign-in. Changes will roll out gradually, affecting MFA-capable users with specific policy settings. | Microsoft has decided to delay the rollout of Passkeys (FIDO2) support in Microsoft Registration Campaigns initially planned for April 2026. When implemented, it will enable admins to nudge MFA-capable users to register Passkeys, changing default settings and targeting. Organizations should review configurations and prepare accordingly. |
| 2026-04-10 | MC Last Updated | 03/16/2026 23:27:27 | 2026-04-09T18:35:37Z |
| 2026-04-10 | MC Messages | [Introduction]
As previously announced in MC1221452, Microsoft Registration Campaigns will support Passkeys (FIDO2) as an additional authentication method starting in early April 2026. This update helps organizations accelerate adoption of phishing‑resistant credentials by allowing administrators to opt users into Passkeys and deliver Passkey registration nudges during sign‑in. [When this will happen] General Availability (Worldwide): We will begin rolling out in early April 2026 and expect to complete in late May 2026. | Updated April 9, 2026: After further review, we have decided not to move forward with this change at this time. We will communicate via a new Message center post when we are ready to proceed. We apologize for any inconvenience this may cause and appreciate your understanding.
[Introduction] As previously announced in MC1221452, Microsoft Registration Campaigns will support Passkeys (FIDO2) as an additional authentication method starting in early April 2026. This update helps organizations accelerate adoption of phishing‑resistant credentials by allowing administrators to opt users into Passkeys and deliver Passkey registration nudges during sign‑in. [When this will happen] General Availability (Worldwide): We will begin rolling out in early April 2026 and expect to complete in late May 2026. |
| 2026-04-10 | MC Title | Microsoft Entra: Passkeys in Microsoft registration campaigns | (Updated) Microsoft Entra: Passkeys in Microsoft registration campaigns |
| 2026-04-10 | MC End Time | 07/01/2026 09:00:00 | 2026-04-15T09:00:00Z |
Last updated 1 day ago ago
