Entra ID Passkeys Arrive on Windows With Support for Personal and Shared PCs

Rolling out late April 2026, with full availability expected by mid-June 2026

News
Milan Stanojevic
Milan Stanojevic Shield
Windows Toubleshooting Expert
News
Reading time icon 2 min. read

Calendar icon Published on

microsoft entra passkeys windows

Microsoft is rolling out passkey authentication for Microsoft Entra ID on Windows, expanding its push toward a fully passwordless ecosystem. The feature starts rolling out in late April 2026, with general availability expected by mid-June.

The update introduces support for device-bound passkeys, allowing users to sign in securely without passwords across corporate, personal, and shared Windows devices. A major shift comes from the added support for unmanaged devices, removing a key limitation from earlier implementations.

How passkeys work on Windows

Passkeys are stored locally inside the Windows Hello container and never leave the device. Users authenticate using face recognition, fingerprint, or a PIN, all backed by the FIDO2 standard.

This approach ensures that credentials remain cryptographically tied to the device, making them resistant to phishing attempts, credential theft, and even MFA bypass attacks.

Admin controls and requirements

IT admins can manage passkey usage through Entra Authentication Methods policies and Conditional Access rules. To enable the feature, organizations must allow passkeys within these policies and configure access controls accordingly.

Passkeys vs Windows Hello for Business

Unlike Windows Hello for Business, Entra passkeys do not require device registration. Users can create them independently, but they do not enable device-level sign-in or single sign-on.

Windows Hello for Business, on the other hand, requires device join and supports both login and SSO capabilities, making it more suitable for fully managed environments.

This rollout closes a long-standing gap where personal and shared devices relied heavily on passwords. With rising attacks targeting Entra accounts and credential-based SaaS breaches, Microsoft is moving quickly to strengthen authentication methods.

The update fits into a broader strategy to eliminate passwords entirely, following recent moves like mandatory MFA registration and passwordless defaults for new Microsoft accounts.

In other news, the Cybersecurity and Infrastructure Security Agency has ordered U.S. agencies to patch the “BlueHammer” zero-day vulnerability.

Via Bleeping Computer

More about the topics: microsoft, microsoft entra, passkeys

Milan Stanojevic

Milan Stanojevic Shield

Windows Toubleshooting Expert

Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He's a PC enthusiast and he spends most of his time learning about computers and technology. Before joining WindowsReport, he worked as a front-end web developer. Now, he's one of the Troubleshooting experts in our worldwide team, specializing in Windows errors & software issues.

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

User forum

0 messages