check before: 2025-03-03
Product:
Entra, Microsoft 365 Apps
Platform:
Online, US Instances, World tenant
Status:
Change type:
Admin impact
Links:
Details:
Summary:
Starting mid-January 2025, organizations with enabled passkey (FIDO2) policy and no key restrictions will have passkeys in the Microsoft Authenticator app. Users can add this via aka.ms/MySecurityInfo, and it's enforced by Conditional Access policy. Organizations preferring not to enable this can impose key restrictions.
Details:
Beginning mid-January 2025, after the General Availability of passkeys in the Microsoft Authenticator app, organizations with the passkey (FIDO2) authentication methods policy enabled with no key restrictions will be enabled for passkeys in the Microsoft Authenticator app in addition to FIDO2 security keys. This update aligns with the broader availability of passkeys in Entra ID, extending from device-bound passkeys on security keys to device-bound passkeys also on user devices. Users who navigate to aka.ms/MySecurityInfo will see "Passkey in Microsoft Authenticator" as an authentication method they can add. Additionally, when Conditional Access (CA) authentication strengths policy is used to enforce passkey authentication, users who don't yet have any passkey will be prompted inline to register passkeys in Authenticator to meet the CA requirements. If an organization prefers not to enable this change for their users, they can work around it by enabling key restrictions in the passkey (FIDO2) policy. This change will not impact organizations with existing key restrictions or organizations that have not enabled the passkey (FIDO2) policy.
[When this will happen:]
General Availability (Worldwide, GCC, GCC High, DoD): Rollout will happen mid-January 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2024-10-29
updated:
2024-10-29
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
User Authentication Issues
Users may face difficulties in authenticating if they are not prepared for the new passkey method, leading to potential access issues.
- roles: End Users, IT Support
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/introducing-passkeys-in-microsoft-authenticator/ba-p/3851230
Increased Support Requests
The introduction of passkeys may lead to an increase in support requests from users unfamiliar with the new authentication method.
- roles: IT Support, Helpdesk Staff
- references: https://www.microsoft.com/en-us/security/blog/2023/10/10/understanding-passkeys-and-their-role-in-modern-authentication/
User Experience Disruption
Users may experience disruptions in their login process if they are not informed about the new passkey feature, leading to frustration and decreased productivity.
- roles: End Users, System Administrators
- references: https://www.microsoft.com/en-us/security/blog/2023/10/10/understanding-passkeys-and-their-role-in-modern-authentication/
Compliance Risks
Organizations may face compliance risks if users are not properly transitioned to the new authentication method, potentially leading to security vulnerabilities.
- roles: Compliance Officers, IT Security
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/introducing-passkeys-in-microsoft-authenticator/ba-p/3851230
Documentation Gaps
Existing documentation may not cover the new passkey feature, leading to confusion among users and IT staff regarding authentication processes.
- roles: IT Support, Documentation Specialists
- references: https://www.microsoft.com/en-us/security/blog/2023/10/10/understanding-passkeys-and-their-role-in-modern-authentication/
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.