Blog Post

Windows IT Pro Blog
3 MIN READ

Windows 11 expands passkey manager support

Katharine_Holdsworth's avatar
Katharine_Holdsworth
Icon for Microsoft rankMicrosoft
Nov 11, 2025

Windows is committed to making sign-in simpler, quicker, and more secure for every user. Today, we’re excited to announce a major step forward in passwordless authentication: native support for passkey managers in Windows 11. This new capability empowers users to choose their favorite passkey manager — whether it’s Microsoft Password Manager or trusted third-party providers. It’s generally available with the Windows November 2025 security update.

By partnering closely with third-party managers, we’re delivering a more flexible, secure, and intuitive experience for Windows users everywhere, starting with 1Password and Bitwarden today and other passkey managers coming soon. 

“Working alongside the Windows Security team on the development of the passkey plugin API for Windows 11 has been a rewarding partnership.

As the first password manager to offer native passkey support in Windows 11, we’re proud to give customers a seamless passwordless experience inside and outside the browser. Together, we’ve ensured that 1Password and other third-party passkey providers can deliver a secure, standards-based experience natively on Windows, marking another major step towards a passwordless future.”

- Travis Hogan, End User Group Product Manager, 1Password

Why plugin passkey managers?

Passkeys are phish-resistant, less vulnerable to data breaches, and easier and faster to use than passwords. With plugin passkey manager support, you get:

  • Choice and flexibility: Use your preferred passkey manager natively on Windows.
  • Easy authentication: Create and sign in with passkeys using Windows Hello.
  • Passkeys everywhere: Your passkeys are synced between your Windows PCs and mobile devices. They go where you go.
Saving a passkey to 1Password

Easier authentication, with Windows Hello

With plugin passkey manager support, packaged credential managers can integrate directly into Windows. Users can save, manage, and use passkeys across browsers and native apps — thanks to the new plugin provider capability. Setting up your credential manager is part of the passkey creation flow. Authentication uses Windows Hello — whether that is PIN, face, or fingerprint — so only you can access your credentials.

Signing into GitHub with a Bitwarden passkey

“Bitwarden is delighted to collaborate with Microsoft on bringing native passkeys to Windows 11. This partnership enables more organizations and users to embrace passkeys confidently, knowing they can manage their credentials securely on Windows and across all their devices and platforms.” 

- Bitwarden

Microsoft Password Manager

We’ve integrated Microsoft Password Manager from Microsoft Edge natively into Windows as a plugin. That means you can use it in Microsoft Edge, other browsers, or any app that supports passkeys.

Saving a passkey to the Microsoft Password Manager plugin on Windows

This integration of Microsoft Password Manager from Microsoft Edge comes with added security benefits:

  • Passkey operations (creation, authentication, and management) are protected by Windows Hello.
  • Passkeys stored in Microsoft Password Manager will be synced and available on other Windows devices where the user is logged into Microsoft Edge with the same Microsoft account.
  • Syncing is protected by your Microsoft Password Manager PIN and a cloud enclave solution.
  • Azure Managed Hardware Security Modules (HSMs) help protect encryption keys.
  • Sensitive operations are performed inside a hardware-isolated environment in Azure Confidential Compute. 
  • There is tamper-proof recovery with Azure Confidential Ledger.


In other words, your passkeys are securely stored and easy to use.

Securing the present, innovating for the future

Join us as we build a passwordless future - one passkey at a time.

Security is a shared responsibility. Through collaboration across hardware and software ecosystems, we can build more resilient systems that are secured by design and by default, from Windows to the cloud, enabling trust at every layer of the digital experience.

The updated Windows 11 Security Book and Windows Server 2025 Security Book are great tools to help you understand how to stay more secure with Windows. Learn more about Windows 11, Windows Server, and Copilot+ PCs. To learn more about Microsoft Security Solutions, visit our website. 

Bookmark the Microsoft Security Blog to keep up with our expert coverage on security matters.

Also, follow Microsoft Security on LinkedIn and @MSFTSecurity on X for the latest news and updates on cybersecurity. 

Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X and on LinkedIn. Looking for support? Visit Windows on Microsoft Q&A.

Updated Nov 12, 2025
Version 4.0
windows 11

4 Comments

  • skdyer's avatar
    skdyer
    Brass Contributor
    Nov 12, 2025

    I just ran the Nov update and I don't see an option to do this.  Would have been useful to provide a link to the instructions of how to set this up in this article.

  • Itziktdk's avatar
    Itziktdk
    Copper Contributor
    Nov 12, 2025

    So I'm going (finally) to unlock my Windows by Passkey / MS Authenticator? 

  • TheBigBear's avatar
    TheBigBear
    Copper Contributor
    Nov 12, 2025

    Other blogs state this to only allow passkeys for MSA accounts and not yet Entra ID ones?

    can you clarify the exact scope of this passkey support expansion?

  • Marc_Laf's avatar
    Marc_Laf
    Iron Contributor
    Nov 11, 2025

    I'm really confused at this announcement. How does this change from how we currently use third party password managers such as 1Password? I am a 1P user and 1P is already set to be my default password manager inside Edge with Edge's built in disabled. When I create a passkey on a website, I am prompted to save it to 1P. I can also unlock 1P using Windows Hello. I don't see how this new integration will make operation any different.