Message ID: MC920300
Beginning mid-January 2025, after the General Availability of passkeys in the Microsoft Authenticator app, organizations with the passkey (FIDO2) authentication methods policy enabled with no key restrictions will be enabled for passkeys in the Microsoft Authenticator app in addition to FIDO2 security keys. This update aligns with the broader availability of passkeys in Entra ID, extending from device-bound passkeys on security keys to device-bound passkeys also on user devices. Users who navigate to aka.ms/MySecurityInfo will see "Passkey in Microsoft Authenticator" as an authentication method they can add. Additionally, when Conditional Access (CA) authentication strengths policy is used to enforce passkey authentication, users who don’t yet have any passkey will be prompted inline to register passkeys in Authenticator to meet the CA requirements. If an organization prefers not to enable this change for their users, they can work around it by enabling key restrictions in the passkey (FIDO2) policy. This change will not impact organizations with existing key restrictions or organizations that have not enabled the passkey (FIDO2) policy.
[When this will happen:]
General Availability (Worldwide, GCC, GCC High, DoD): Rollout will happen mid-January 2025.
[How this will affect your organization:]
Who will be impacted: Organizations with the passkey (FIDO2) authentication methods policy enabled with no key restrictions set.
Who will not be impacted: Organizations that do not have the passkey (FIDO2) authentication methods policy enabled and organizations that have the passkey (FIDO2) authentication methods policy enabled and have key restrictions set.
[What you need to do to prepare:]
This rollout will happen automatically with no admin action required. You may want to notify your users about this change and update any relevant documentation as appropriate.
Source: Microsoft
The upcoming update on Microsoft Entra is gearing up to make waves in the way admins and users interact with authentication methods. With the introduction of passkeys in the Microsoft Authenticator app for organizations with the passkey (FIDO2) authentication methods policy enabled and no key restrictions, the user experience is set to get a whole lot smoother and secure.
Admins will find themselves in the driver’s seat of this change, ensuring a seamless transition for their organizations. Users, on the other hand, can look forward to the convenience of adding “Passkey in Microsoft Authenticator” as an authentication method, stepping up their security game with ease.
The impact of these changes is expected to be quite significant for organizations embracing this update, streamlining the authentication process and enhancing security measures. It’s a step towards a more user-friendly and secure authentication landscape.
So, get ready to embrace the future of authentication with a touch of humor and a sprinkle of excitement. Share your thoughts on how this update will impact you and your organization, and let’s spark a conversation. Your feedback matters, so don’t hesitate to drop a comment and join the discussion! Let’s navigate this digital transformation together!