Microsoft Entra: Passkey authentication in brokered Microsoft apps on Android

🚨 The Signal: Microsoft Entra ID now supports passkey authentication for Microsoft apps on Android devices with an authentication broker. This enhances phishing-resistant MFA options, improving user security posture against credential theft.

The Impact

Android users are affected. The change reduces security risk by giving them a stronger authentication option.

  • Android users: Enhanced login security with phishing-resistant passkeys.
  • Security teams: New strong authentication method to deploy and manage.
  • Identity administrators: Configuration required to enable passkey usage.
  • Organisations: Improved compliance posture for strong authentication requirements.

The Action

  1. Navigate to Microsoft Entra admin center > Protection > Authentication methods > Policies.
  2. Select 'Passkey (FIDO2)' and enable it for 'All users' or specific groups.
  3. Configure 'Target users' and 'Configuration' settings as per organisational policy.
  4. Communicate passkey enrolment and usage instructions to end-users.
  5. Monitor passkey adoption and usage through Entra ID sign-in logs.
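
Steps 1 to 3 can be verified offline against an export of the policy. The sketch below is an added example, not Microsoft's code or part of the original brief: it assumes the JSON shape Microsoft Graph returns for the `fido2` authentication method configuration, and the function name, sample values and group id are constructed for illustration.

```python
import json

# Constructed sample in the shape Microsoft Graph returns for
# GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2
# The group id is a made-up placeholder, not a real object id.
SAMPLE_POLICY = json.loads("""
{
  "@odata.type": "#microsoft.graph.fido2AuthenticationMethodConfiguration",
  "id": "Fido2",
  "state": "disabled",
  "isSelfServiceRegistrationAllowed": true,
  "isAttestationEnforced": false,
  "keyRestrictions": {"isEnforced": false, "enforcementType": "block", "aaGuids": []},
  "includeTargets": [{"targetType": "group", "id": "00000000-0000-0000-0000-000000000001"}],
  "excludeTargets": []
}
""")

def review_fido2_policy(cfg):
    """Hypothetical helper: return (summary, findings) for a Passkey (FIDO2) policy."""
    ids = [t.get("id") for t in (cfg.get("includeTargets") or [])]
    excluded = [t.get("id") for t in (cfg.get("excludeTargets") or [])]
    kr = cfg.get("keyRestrictions") or {}
    summary = {
        "enabled": cfg.get("state") == "enabled",
        # "all_users" is the target id Graph uses for the 'All users' choice.
        "scope": "all_users" if "all_users" in ids else ("groups" if ids else "none"),
        "included": ids,
        "excluded": excluded,
        "self_service_registration": bool(cfg.get("isSelfServiceRegistrationAllowed")),
        "attestation_enforced": bool(cfg.get("isAttestationEnforced")),
        "key_restrictions_enforced": bool(kr.get("isEnforced")),
    }
    findings = []
    if not summary["enabled"]:
        findings.append("Passkey (FIDO2) is not enabled")
    if summary["scope"] == "none":
        findings.append("no users or groups are targeted")
    if summary["enabled"] and not summary["self_service_registration"]:
        findings.append("self-service registration is off; users cannot register a passkey themselves")
    return summary, findings
```

The summary reports the attestation and key restriction settings without judging them, since those fall under the 'Configuration' choices left to organisational policy.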

Domain: Entra · Impact: high · Workload: Entra ID · Essential Eight: Multi-Factor Authentication · ISM: ISM-0109, ISM-0123, ISM-0140, ISM-0974, ISM-1173, ISM-1228, ISM-1401, ISM-1504, ISM-1505, ISM-1679, ISM-1680, ISM-1681, ISM-1682, ISM-1683, ISM-1815, ISM-1819, ISM-1872, ISM-1873, ISM-1874, ISM-1892, ISM-1893, ISM-1894, ISM-1906, ISM-1907