MC1282568 – General Availability: Microsoft Entra passkeys on Windows

Product:

Entra, Microsoft 365 Apps, Windows

Platform:

Mac, Online, US Instances, World tenant

Status:

Scheduled

Change type:

Feature update, User impact, Admin impact

Links:

MC1247893

Details:

Summary:
Microsoft Entra passkeys on Windows will be generally available from late April 2026, enabling passwordless, phishing-resistant sign-in on Windows devices without requiring explicit opt-in. This supports corporate, personal, and shared devices, with admin controls via Authentication Methods policies and Conditional Access. No action needed unless blocking is desired.

Details:
[Introduction]
Microsoft Entra passkeys on Windows will soon be Generally Available, enabling phishing-resistant, passwordless sign-in to Microsoft Entra-protected resources from Windows devices.
The Public Preview of this capability was previously announced in MC1247893.
Users can create device-bound passkeys stored in the Windows Hello container and authenticate using Windows Hello methods (face, fingerprint, or PIN). This expands passwordless authentication support to Windows devices that aren't Microsoft Entra-joined or registered, helping organizations strengthen security and reduce reliance on passwords across corporate-managed, personal, and shared device scenarios.
[When this will happen:]
General Availability (Worldwide): We will begin rolling out in late April 2026 and expect to complete by mid-June 2026.
General Availability (GCC, GCC High, DoD): We will begin rolling out in early July 2026 and expect to complete by late July 2026.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2026-04-17

updated:
2026-04-18

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

linked item details

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Increased Security Risks
Without proper preparation, users may inadvertently create and use passkeys on unmanaged devices, increasing the risk of unauthorized access and data breaches.
   - roles: IT Administrators, Security Officers
   - references: https://learn.microsoft.com/entra/identity/authentication/how-to-authentication-entra-passkeys-on-windows#supported-windows-hello-passkey-authenticator-attestation-guids-aaguids

User Confusion and Frustration
Users may face confusion regarding the new passkey system, leading to frustration if they encounter issues or if their devices are not properly configured for passkey usage.
   - roles: End Users, Help Desk Support
   - references: https://learn.microsoft.com/entra/identity/authentication/how-to-authentication-entra-passkeys-on-windows#supported-windows-hello-passkey-authenticator-attestation-guids-aaguids

Compliance and Policy Violations
Changes in passkey usage without prior preparation may lead to violations of existing compliance policies if unmanaged devices are allowed access without proper controls.
   - roles: Compliance Officers, IT Administrators
   - references: https://learn.microsoft.com/entra/identity/authentication/how-to-authentication-entra-passkeys-on-windows#supported-windows-hello-passkey-authenticator-attestation-guids-aaguids

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

XXXXXXX ... free basic plan only

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only