MC920300 – Microsoft Entra: Enablement of Passkeys in Authenticator for passkey (FIDO2) organizations with no key restrictions

cloudscout.one Icon

check before: 2025-03-03

Product:

Entra, Microsoft 365 Apps

Platform:

Online, US Instances, World tenant

Status:

Change type:

Admin impact

Links:

Details:

Summary:
Starting mid-January 2025, organizations with enabled passkey (FIDO2) policy and no key restrictions will have passkeys in the Microsoft Authenticator app. Users can add this via aka.ms/MySecurityInfo, and it's enforced by Conditional Access policy. Organizations preferring not to enable this can impose key restrictions.

Details:
Beginning mid-January 2025, after the General Availability of passkeys in the Microsoft Authenticator app, organizations with the passkey (FIDO2) authentication methods policy enabled with no key restrictions will be enabled for passkeys in the Microsoft Authenticator app in addition to FIDO2 security keys. This update aligns with the broader availability of passkeys in Entra ID, extending from device-bound passkeys on security keys to device-bound passkeys also on user devices. Users who navigate to aka.ms/MySecurityInfo will see "Passkey in Microsoft Authenticator" as an authentication method they can add. Additionally, when Conditional Access (CA) authentication strengths policy is used to enforce passkey authentication, users who don't yet have any passkey will be prompted inline to register passkeys in Authenticator to meet the CA requirements. If an organization prefers not to enable this change for their users, they can work around it by enabling key restrictions in the passkey (FIDO2) policy. This change will not impact organizations with existing key restrictions or organizations that have not enabled the passkey (FIDO2) policy.
[When this will happen:]
General Availability (Worldwide, GCC, GCC High, DoD): Rollout will happen mid-January 2025.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2024-10-29

updated:
2024-10-29

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

User Authentication Issues
Users may face difficulties in authenticating if they are not prepared for the new passkey method, leading to potential access issues.
   - roles: End Users, IT Support
   - references: https://techcommunity.microsoft.com/t5/security-compliance-identity/introducing-passkeys-in-microsoft-authenticator/ba-p/3851230

Increased Support Requests
The introduction of passkeys may lead to an increase in support requests from users unfamiliar with the new authentication method.
   - roles: IT Support, Helpdesk Staff
   - references: https://www.microsoft.com/en-us/security/blog/2023/10/10/understanding-passkeys-and-their-role-in-modern-authentication/

User Experience Disruption
Users may experience disruptions in their login process if they are not informed about the new passkey feature, leading to frustration and decreased productivity.
   - roles: End Users, System Administrators
   - references: https://www.microsoft.com/en-us/security/blog/2023/10/10/understanding-passkeys-and-their-role-in-modern-authentication/

Compliance Risks
Organizations may face compliance risks if users are not properly transitioned to the new authentication method, potentially leading to security vulnerabilities.
   - roles: Compliance Officers, IT Security
   - references: https://techcommunity.microsoft.com/t5/security-compliance-identity/introducing-passkeys-in-microsoft-authenticator/ba-p/3851230

Documentation Gaps
Existing documentation may not cover the new passkey feature, leading to confusion among users and IT staff regarding authentication processes.
   - roles: IT Support, Documentation Specialists
   - references: https://www.microsoft.com/en-us/security/blog/2023/10/10/understanding-passkeys-and-their-role-in-modern-authentication/

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

XXXXXXX ... free basic plan only

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only

** AI generated content. This information must be reviewed before use.

a free basic plan is required to see more details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.



Share to MS Teams

Login to your account

Welcome Back, We Missed You!