Microsoft Entra ID: Authentication strength improvements to support passkeys

Conditional Access authentication strengths in Microsoft Entra ID will be improved to support registration of device-bound passkeys (defined at passkeys.dev) stored on computers, security keys, and mobile devices. 

This message is associated with Microsoft 365 Roadmap ID 182056.

[When this will happen:]

Public Preview: We will begin rolling out early March 2024 and expect to complete by mid-March 2024.

Worldwide, GCC, GCC High, DoD: We will begin rolling out late April 2024 and expect to complete by early May 2024.

[How this will affect your organization:]

End user registration

Prior to this change, users who were in-scope for authentication strength enforcement who could not satisfy passkey (FIDO2) authentication requirements received an error message asking users to manually register the passkey (FIDO2) method.

With this rollout, in My Security Info, new registration options called Passkey (preview) and Passkey in Microsoft Authenticator (preview) will be shown to users who are interrupted to register a passkey (FIDO2) method to satisfy authentication strength requirements. Users that are required to register a passkey in Microsoft Authenticator will see a dedicated registration experience. Users whose organization requires specific passkeys from various vendors and manufacturers will be shown allowable AAGUIDS of the passkeys they can choose to register. No changes are expected to existing Conditional Access policies targeting security information registration.

Current:

user message

New:

user message

[What you need to do to prepare:]

For more information on changes to Microsoft Entra support for passkeys (FIDO2), please review our previous message center post MC690185: (Updated) Prepare for device-bound passkeys in Microsoft Entra ID (changes to FIDO2 and Windows Hello for Business), (November 2023).

No action is needed to prepare for this change. You may want to notify your users about this change and update any relevant documentation as appropriate.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *