CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Microsoft Introduces Phishing-Resistant Passkeys for Windows Sign-Ins

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, enabling phishing-resistant passwordless authentication via Windows Hello. This feature is opt-in and will be available in public preview from mid-March through late April 2026 for worldwide tenants, with government cloud environments following in mid-April through mid-May. The update extends passwordless sign-in to unmanaged Windows devices, addressing a previous security gap. The passkeys are device-bound and cryptographically secured, preventing theft via phishing or malware. Each Entra account registers its own passkey per device, and multiple accounts can coexist on a single machine. However, passkeys cannot be synced across devices, requiring separate registration for each account. To enroll in the public preview, IT administrators must enable the Passkeys (FIDO2) authentication method in Entra's Authentication Methods policies, create a passkey profile with the required Windows Hello AAGUIDs, and assign it to the appropriate groups.

Timeline

  1. 10.03.2026 17:27 1 articles · 20h ago

    Microsoft Rolls Out Passkey Support for Microsoft Entra on Windows Devices

    Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, enabling phishing-resistant passwordless authentication via Windows Hello. This feature is opt-in and will be available in public preview from mid-March through late April 2026 for worldwide tenants, with government cloud environments following in mid-April through mid-May. The update extends passwordless sign-in to unmanaged Windows devices, addressing a previous security gap. The passkeys are device-bound and cryptographically secured, preventing theft via phishing or malware. Each Entra account registers its own passkey per device, and multiple accounts can coexist on a single machine. However, passkeys cannot be synced across devices, requiring separate registration for each account. To enroll in the public preview, IT administrators must enable the Passkeys (FIDO2) authentication method in Entra's Authentication Methods policies, create a passkey profile with the required Windows Hello AAGUIDs, and assign it to the appropriate groups.

    Show sources
    Open in new tab

Information Snippets

  • Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, enabling phishing-resistant passwordless authentication via Windows Hello.

    First reported: 10.03.2026 17:27
    1 source, 1 article
    Show sources

  • The feature is opt-in and will be available in public preview from mid-March through late April 2026 for worldwide tenants, with government cloud environments following in mid-April through mid-May.

    First reported: 10.03.2026 17:27
    1 source, 1 article
    Show sources

  • The update extends passwordless sign-in to unmanaged Windows devices, addressing a previous security gap.

    First reported: 10.03.2026 17:27
    1 source, 1 article
    Show sources

  • The passkeys are device-bound and cryptographically secured, preventing theft via phishing or malware.

    First reported: 10.03.2026 17:27
    1 source, 1 article
    Show sources

  • Each Entra account registers its own passkey per device, and multiple accounts can coexist on a single machine. However, passkeys cannot be synced across devices, requiring separate registration for each account.

    First reported: 10.03.2026 17:27
    1 source, 1 article
    Show sources

  • To enroll in the public preview, IT administrators must enable the Passkeys (FIDO2) authentication method in Entra's Authentication Methods policies, create a passkey profile with the required Windows Hello AAGUIDs, and assign it to the appropriate groups.

    First reported: 10.03.2026 17:27
    1 source, 1 article
    Show sources