Microsoft Entra ID Will Make Passkeys the Default in September 2026
Microsoft’s authentication changes will make passkeys the default sign-in method for Microsoft Entra ID users beginning September 1, 2026.
The company will introduce the change gradually across organizations. Eligible users will receive a prompt to create a passkey after completing their next multifactor authentication challenge.
Microsoft says administrators will not need to configure every account manually. Users who currently depend on SMS or voice verification will move to the new authentication experience automatically.
Why Microsoft is replacing passwords
Microsoft has expanded passkey support as phishing attacks, credential theft, and AI-powered social engineering become more sophisticated.
Recent voice phishing campaigns have targeted Microsoft 365 users by impersonating trusted support staff and attempting to capture Entra credentials or verification codes. These attacks can bypass traditional password protections when users share information with attackers.
Passkeys replace shared passwords with public-key cryptography. Users authenticate through a fingerprint, facial recognition, or a device PIN stored on a trusted device.
Because the private authentication key does not leave the device, attackers cannot steal it through a fake sign-in page. This makes passkeys resistant to many common phishing and credential theft techniques.
Passkey rollout begins in September
The Entra ID rollout will begin on September 1, 2026, and continue gradually.
After an eligible user completes an MFA request, Microsoft will prompt them to register a passkey. Organizations will not need to migrate every employee at the same time.
Microsoft plans to publish more information on September 18, 2026. The update will cover supported providers, deployment guidance, technical documentation, and pricing.
Organizations that still need SMS or voice authentication will have time to review their options before completing the transition.
SMS and voice authentication will end in 2027
Microsoft will not remove passwords and older authentication methods immediately. Organizations will have until 2027 to complete their migration.
SMS and voice authentication capabilities in Microsoft Entra ID will retire on February 1, 2027.
Microsoft is also tightening password reset security. Users will only be able to reset their passwords with authentication methods that they previously registered.
The changes form part of Microsoft’s wider effort to reduce password use and strengthen account protection across Windows, Microsoft 365, and Entra ID.
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
User forum
0 messages