Don't Be Vulnerable: Registering Phishing-Resistant Passkeys for iOS Devices

Overview

Adele Vance, the Lead Security Administrator at a midsize nonprofit, had a mission: to strengthen account protections for critical roles and systems. Like many IT leaders, she faced the challenge of safeguarding privileged accounts from phishing, credential theft, and sophisticated cyberattacks—without compromising accessibility during emergencies. Her solution? Registering phishing-resistant passkeys for emergency access accounts using Microsoft Entra ID.

If you're like Adele—looking to raise the bar on identity security—this guide will walk you through two highly secure sign-in methods: Microsoft Authenticator app and FIDO2 security keys. These modern passkeys enable strong, phishing-resistant Multi-Factor Authentication (MFA) that keeps your organization resilient in the face of growing threats.

✅ Prerequisites

Before getting started, ensure the following are in place:

• An active Microsoft Entra ID Plan 1 or Plan 2 subscription.
• The account you're using has Global Administrator privileges.
• A Temporary Access Pass (TAP) policy is enabled and assigned.
• Both Microsoft Authenticator and FIDO2 methods are enabled in the Authentication Methods Policy within the Microsoft Entra Admin Center.

📲Option 1: Registering Passkey Authenticator for iOS Devices

After enabling the right Authentication methods policies for registering devices for Phishing Resistant Passkey usage. Now you will need to register your device to be paired with a passkey. Make sure that you download Microsoft Authenticator from the Apples Official App Store.

Registering Passkey

1. Download the Microsoft Authenticator app from the Apple’s Official App Store.
2. If you are using the app for the first time, On the Secure Your Digital Life Screen, tap Add “work or school account.”
3. Sign-in to your account by clicking on the + button then select “Add account.”
4. Once your account has been added or you have already added your account to the Authenticator, then select “Create passkey.”
5. Complete the Multi Authentication process by entering your “Username” and “Password”, then click Next.
6. You can set up a lock screen by pressing the “Settings” button.
7. Now you need to press the “Settings” button to enable the Authenticator Passkey Provider.
8. iOS 17: Settings> Passwords > Password Options.
9. iOS 18: Settings> General > Autofill & Passwords.

10. Press the back icon to return to the Authenticator, then tap “Done.”

11. You will see the passkey added as a method to your device.

12. Next, tap done to complete the process.

If you would like to learn more about your passkey and how you now can use this method to authenticate, click the “How to use passkey” button for more information. Now that you have successfully registered your passkey key you can sign-in with the assurance of security utilizing phishing resistant authentication.

📲Option 2: Using Registering Passkey from Security Info

Here is another way you can register your passkey. To register your passkey for the Microsoft Authenticator using the Security Info login, follow these steps:

1. Navigate to the Security Info
2. Click on the “+ Add sign-in method” button.
3. Select the option to add a new authentication method and choose "Passkey" from the list.
4. Click the Next button on the “Create Your Passkey in Microsoft Authenticator.”
5. In the authenticator app select the “Work or school account” you want to add the passkey.
6. Select “Create a passkey,” then follow the prompts to complete the instructions.

Once completed, you will have your authentication method properly set up. You can then authenticate with a managed device using the Microsoft Authenticator app. While this method can be used for emergency accounts, it is recommended to utilize a FIDO2 security key USB that is compatible with Microsoft for enhanced security. Implementing this method within your organization helps mitigate phishing risks and promotes better security practices, thereby reducing your attack surface.

Conclusion

Registering a passkey through either the Microsoft Authenticator app or the Security Info login is an exciting and transformative way to secure your online identity! By enabling phishing-resistant multi-factor authentication (MFA), you’re taking a proactive step towards a safer digital experience. Embrace this cutting-edge technology with confidence, knowing that your accounts are now fortified against malicious intrusions. This is more than just security, it’s peace of mind, reinvented!

What’s Next?

If you’re an Android user, get ready to embark on an effortless and exciting journey to secure your accounts! Setting up a passkey on your device is as seamless as it gets. In the next section, we’ll guide you through the steps to unlock the power of this cutting-edge authentication technology using your Android device. Stay tuned and prepare to embrace the future of digital security with confidence and ease!

Hyperlinks

• Register passkeys in Authenticator on Android and iOS devices - Microsoft Entra ID | Microsoft Learn
• Passkeys in Microsoft Authenticator FAQs - Microsoft Entra ID | Microsoft Learn
• Enable passkeys in Authenticator for Microsoft Entra ID - Microsoft Entra ID | Microsoft Learn