Forum Discussion
Microsoft Authenticator Passkeys for Entra ID on unmanaged devices
Hello, has anyone successfully registered passkeys on an unmanaged phone in an organisation with device compliance policies? Use case is to provide a phishing-resistant MFA option via Authenticator ...
With the current Microsoft Entra conditional access framework, passkeys in the Authenticator app cannot be registered on unmanaged or BYOD devices when device compliance is enforced. The registration process requires a successful sign‑in, which is prevented by the compliant‑device requirement. As a result, passkeys can only be provisioned and used on mobile devices that are enrolled in Intune or otherwise designated as compliant.
https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-enable-authenticator-passkey
https://techcommunity.microsoft.com/discussions/microsoft-entra/block-access-with-conditional-access-for-unmanaged-devices/4065902