check before: 2027-10-14
Product:
Entra, Microsoft Graph
Platform:
Developer, Online, World tenant
Status:
Change type:
Retirement
Links:
Details:
Summary:
Starting October to November 2027, Microsoft will retire the isAttestationEnforced and keyRestrictions properties from the fido2AuthenticationMethodConfiguration API. These will sync with new properties in the updated passkey policy API schema during transition. Admins must update configurations, automations, and integrations accordingly.
Details:
Introduction
Starting October 2027 and ending November 2027, we will retire the isAttestationEnforced and keyRestrictionsproperties from the existing fido2AuthenticationMethodConfiguration API schema. This change aligns with the latest update to the passkey policy API schema, which introduces support for granular group-based configurations with passkey profiles.
During the retirement period, isAttestationEnforced and keyRestrictions will remain in sync with their counterparts attestationEnforcement and keyRestrictions within the Default passkey profile.
When this will happen
Retirement begins in mid-October 2027 and is expected to complete by early November 2027.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-11-20
updated:
2025-11-20
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
Pictures
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Retirement of Authentication Properties
The retirement of isAttestationEnforced and keyRestrictions properties may lead to disruptions in FIDO2 authentication configurations, causing potential authentication failures for users.
- roles: IT Admin, Security Officer
- references: https://learn.microsoft.com/graph/api/resources/fido2authenticationmethodconfiguration?view=graph-rest-1.0
Impact on Custom Automations
Existing custom automations relying on the retired properties will cease to function, leading to potential service interruptions and increased workload for IT staff to update these automations.
- roles: IT Admin, DevOps Engineer
- references: https://learn.microsoft.com/graph/api/resources/fido2authenticationmethodconfiguration?view=graph-rest-1.0
Third-Party Integrations Failure
Third-party integrations that utilize the retired properties will stop working, which may affect user access and overall user experience.
- roles: IT Admin, Application Support Specialist
- references: https://learn.microsoft.com/graph/api/resources/fido2authenticationmethodconfiguration?view=graph-rest-1.0
Increased Support Requests
Users may experience authentication issues leading to an increase in support requests, putting additional strain on IT support resources.
- roles: Help Desk Technician, IT Admin
- references: https://learn.microsoft.com/graph/api/resources/fido2authenticationmethodconfiguration?view=graph-rest-1.0
Documentation Updates Required
Internal documentation will need to be updated to reflect the changes in the authentication method configurations, which may lead to confusion if not managed properly.
- roles: IT Admin, Technical Writer
- references: https://learn.microsoft.com/graph/api/resources/fido2authenticationmethodconfiguration?view=graph-rest-1.0
Configutation Options**
XXXXXXX ... paid membership only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 2 months ago ago
