MC1221452 – Microsoft Entra ID: Auto-enabling passkey profiles

check before: 2026-03-01

Product:

Entra

Platform:

Online, US Instances, World tenant

Change type:

New feature, User impact, Admin impact

Summary:
Starting March 2026, Microsoft Entra ID will auto-enable passkey profiles with a new passkeyType property for device-bound and synced passkeys. Tenants not opting in will be migrated automatically, with existing settings preserved. Microsoft-managed registration campaigns will update targeting to passkeys. Preparation and configuration before rollout are recommended.

Details:
[Introduction]
Starting in March 2026, Microsoft Entra ID will introduce passkey profiles and synced passkeys to General Availability (GA). This update allows administrators to opt in to a new passkey profiles experience that supports group-based passkey configurations and introduces a new passkeyType property.
The passkeyType property enables admins to configure:
   - Device-bound passkeys
   - Synced passkeys
   - Both
If a tenant does not opt in to passkey profiles during the initial rollout window, the new schema will be automatically enabled at the date range specified below. When this occurs:
   - Existing Passkey (FIDO2) authentication method configurations will be moved into a Default passkey profile.
   - The passkeyType value will be set based on the tenant's current attestation settings.
   - For tenants that have synced passkeys enabled, Microsoft-managed registration campaigns will update to target passkeys.
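
An added example (not part of the Message Center post and not Microsoft's code): a Python review of an exported Passkey (FIDO2) policy that lists what to check before the automatic move into the Default passkey profile. The attestation-to-passkeyType mapping, the function names and the finding texts are assumptions of this example, and the sample JSON is constructed.

```python
import json

# Constructed sample shaped like the Microsoft Graph response for
# GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
SAMPLE_FIDO2 = json.loads("""{
  "id": "Fido2", "state": "enabled",
  "isAttestationEnforced": false,
  "isSelfServiceRegistrationAllowed": true,
  "keyRestrictions": {"isEnforced": false, "enforcementType": "allow", "aaGuids": []},
  "includeTargets": [{"targetType": "group", "id": "all_users"}]
}""")


def expected_passkey_types(cfg):
    # ASSUMPTION (the mapping is not given on this page): enforced attestation
    # yields device-bound only, otherwise both types are allowed. Verify this
    # in the passkey profiles documentation before relying on it.
    if cfg.get("isAttestationEnforced"):
        return ["device-bound"]
    return ["device-bound", "synced"]


def review_before_migration(cfg, campaign_state="default"):
    """Return (expected passkey types, review findings) for one tenant export.

    campaign_state is the registration campaign state; "default" is taken
    here to mean Microsoft-managed.
    """
    types = expected_passkey_types(cfg)
    findings = []
    if cfg.get("state") != "enabled":
        findings.append("Passkey (FIDO2) method is not enabled; confirm the intended state after migration")
    if "synced" in types:
        findings.append("Attestation not enforced: Default profile is expected to allow synced passkeys")
        if campaign_state == "default":
            findings.append("Microsoft-managed registration campaign will target passkeys")
    restrictions = cfg.get("keyRestrictions") or {}
    if not (restrictions.get("isEnforced") and restrictions.get("aaGuids")):
        findings.append("No enforced AAGUID restrictions carried into the Default profile")
    if any(t.get("id") == "all_users" for t in cfg.get("includeTargets", [])):
        findings.append("Method targets all users; plan group-based profiles if policy differs by group")
    return types, findings


if __name__ == "__main__":
    types, findings = review_before_migration(SAMPLE_FIDO2)
    print("Expected passkeyType:", " + ".join(types))
    for finding in findings:
        print(" -", finding)
```
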
[When this will happen]
   - General Availability (Worldwide): Rollout begins in early March 2026 and is expected to complete by late March 2026.
   - Automatic enablement for tenants that have not yet opted in (Worldwide): Rollout begins in early April 2026 and is expected to complete by late May 2026.
   - General Availability (GCC, GCC High, and DoD): Rollout begins in early April 2026 and is expected to complete by late April 2026.
   - Automatic enablement for tenants that have not yet opted in (GCC, GCC High, and DoD): Rollout begins in early June 2026 and is expected to complete by late June 2026.

Created:
2026-01-23

updated:
2026-01-23

summary for non-techies**

Microsoft Entra ID will introduce passkey profiles in March 2026, allowing administrators to set up device-bound or synced passkeys. Tenants that do not opt in will be transitioned automatically, and the focus shifts from the Microsoft Authenticator app to these new passkeys for enhanced security.

Direct effects for Operations**

Automatic Migration to Default Passkey Profile
Tenants not opting in will have their existing Passkey configurations migrated to a Default passkey profile, potentially leading to unexpected authentication behavior.
   - roles: IT Administrators, End Users
   - references: https://learn.microsoft.com/entra/identity/authentication/how-to-authentication-passkey-profiles

Changes in Registration Campaign Targeting
The default user targeting for Microsoft-managed registration campaigns will change, which may confuse users who are accustomed to previous authentication methods.
   - roles: IT Administrators, End Users
   - references: https://learn.microsoft.com/entra/identity/authentication/how-to-mfa-registration-campaign

Configuration of passkeyType Property
The new passkeyType property will be auto-populated based on existing settings, which may not align with organizational security policies, leading to potential vulnerabilities.
   - roles: IT Security Officers, IT Administrators
   - references: https://learn.microsoft.com/entra/identity/authentication/how-to-authentication-passkey-profiles

Unlimited Snoozes in Registration Campaigns
The settings for snoozes in registration campaigns will change to allow unlimited snoozes, which may lead to users delaying necessary authentication updates.
   - roles: End Users, IT Support Staff
   - references: https://learn.microsoft.com/entra/identity/authentication/how-to-mfa-registration-campaign

Lack of User Awareness and Training
Without proper preparation and communication, users may be unaware of the changes in passkey availability and behavior, leading to increased support requests and frustration.
   - roles: End Users, IT Support Staff
   - references: https://learn.microsoft.com/entra/identity/authentication/how-to-authentication-synced-passkeys

** AI generated content. This information must be reviewed before use.
