Microsoft is rolling out passkey support for Microsoft Entra-protected resources on Windows devices starting late April 2026, with general availability expected by mid-June 2026. The feature enables phishing-resistant passwordless authentication via FIDO2 passkeys stored in the Windows Hello container, supporting facial recognition, fingerprint, or PIN. It extends to unmanaged, personal, and shared Windows devices that are not Entra-joined or registered. Unlike Windows Hello for Business, these passkeys are user-initiated and scoped to Entra ID authentication only (no device sign-in or SSO). Passkeys are cryptographically device-bound and never transmitted over the network, closing a security gap that previously left non-managed devices reliant on passwords. The rollout is part of Microsoft's broader Secure Future Initiative and follows recent waves of credential-theft attacks targeting Entra SSO accounts.
Table of contents
Related Articles:Sort: