check before: 2026-03-15
Product:
Entra, Microsoft 365 Apps, Windows
Platform:
Mac, Online, US Instances, World tenant
Status:
Change type:
New feature, User impact, Admin impact
Links:
Details:
Summary:
Microsoft Entra passkeys on Windows enable phishing-resistant, passwordless sign-in using Windows Hello on Entra-protected resources, including unmanaged devices. Public preview starts mid-March 2026. Organizations must opt in and configure policies to enable this feature; no impact occurs without activation.
Details:
[Introduction]
We're introducing Microsoft Entra passkeys on Windows to enable phishing-resistant sign-in to Entra-protected resources. This update allows users to create device‑bound passkeys stored in the Windows Hello container and authenticate using Windows Hello methods (face, fingerprint, or PIN). It also expands passwordless authentication to Windows devices that aren't Entra‑joined or registered, helping organizations strengthen security and reduce reliance on passwords.
[When this will happen]
Public preview: Rolling out from mid-March 2026 through late April 2026
General Availability
Worldwide: Mid‑March 2026 to mid‑April 2026
GCC: Mid-April 2026 to mid-May 2026
GCC High: Mid-April 2026 to mid-May2026
DoD: Mid-April 2026 to Mid-May 2026
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2026-03-17
updated:
2026-03-17
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
User Authentication Issues
If organizations do not prepare for the implementation of Microsoft Entra passkeys, users may face difficulties in authenticating to Entra-protected resources, especially if they are using unmanaged devices. This could lead to increased login failures and user frustration.
- roles: End Users, IT Support
- references: https://learn.microsoft.com/entra/identity/authentication/how-to-authentication-passkey-profiles
Increased Support Requests
Without proper communication and training regarding the new passkey feature, IT support may experience a surge in support requests from users who are confused about the new authentication method, leading to longer resolution times and decreased user satisfaction.
- roles: IT Support, Help Desk Staff
- references: https://learn.microsoft.com/entra/identity/authentication/how-to-authentication-passkey-profiles
Security Risks
If organizations opt-in to the passkey feature without adequate preparation, there may be security risks associated with improper configuration of authentication methods, potentially exposing sensitive data to unauthorized access.
- roles: Security Administrators, Compliance Officers
- references: https://learn.microsoft.com/entra/identity/authentication/how-to-authentication-passkey-profiles
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
