(Updated) General Availability: Microsoft Entra passkeys on Windows
🚨 The Signal: Microsoft Entra passkeys on Windows are now GA, enabling phishing-resistant, passwordless sign-in using Windows Hello. This strengthens authentication across all Windows devices, reducing reliance on passwords and improving overall security posture.
The Impact
All organizations using Microsoft Entra ID are affected, reducing the risk of phishing and credential theft.
- Security Teams: Reduced risk of phishing attacks and credential compromise.
- End Users: Enhanced security and simplified passwordless sign-in experience.
- Admins: Broader support for phishing-resistant authentication across diverse Windows devices.
- Organisations: Improved compliance with passwordless and MFA mandates.
The Action
- Review Microsoft Entra Authentication Methods policy to ensure FIDO2 Security Key (Passkey) is enabled for target users/groups.
- Communicate passkey availability and benefits to end-users, providing guidance on Windows Hello setup.
- Update internal security policies to reflect the adoption of passkeys as a primary authentication method.
- Monitor Microsoft Entra sign-in logs for passkey usage and adoption rates.
Domain: Entra · Impact: high · Workload: Entra ID · Essential Eight: Multi-Factor Authentication · ISM: ISM-0109, ISM-0123, ISM-0140, ISM-0974, ISM-1173, ISM-1228, ISM-1401, ISM-1504, ISM-1505, ISM-1679, ISM-1680, ISM-1681, ISM-1682, ISM-1683, ISM-1815, ISM-1819, ISM-1872, ISM-1873, ISM-1874, ISM-1892, ISM-1893, ISM-1894, ISM-1906, ISM-1907