Microsoft Entra Adds Phishing-Resistant Passkeys on Windows
🔐 Microsoft is introducing passkey support in Microsoft Entra for Windows, enabling phishing-resistant, passwordless sign-ins via Windows Hello. The opt-in feature enters public preview worldwide from mid‑March through late April 2026, with government clouds (GCC, GCC High, DoD) following mid‑April through mid‑May. Passkeys are device-bound, stored in the Windows Hello container, and never transmitted over the network, preventing credential theft and MFA bypass. IT administrators must enable the Passkeys (FIDO2) authentication method, create a passkey profile including the required Windows Hello AAGUIDs, and assign the profile to appropriate groups to enroll devices.
