Microsoft Entra ID (Azure AD) support for Passkeys
- Apr 18, 2024
This is the best article I have seen so far regarding background and setup requirements for Microsoft Authenticator Passkeys in Entra ID
https://janbakker.tech/get-started-with-passkeys-in-microsoft-365/
mcoombe @Drogon1635 I can set up the Passkey in Microsoft Authenticator (Preview) today!!!
https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-enable-authenticator-passkey
For the iCloud Keychain passkey, my Entra ID is not yet supported. I attempted to add a passkey in the Microsoft Authenticator and a Security Key, but both attempts failed. Fortunately, I can still use the passkey in Microsoft Authenticator.
Kyle_Lam This is promising. I'm still not able to see the "Passkey (FIDO2)" under my Azure "Authentication methods | Policies", mine still says "FIDO2 security key". I believe Microsoft only intends to support Passkeys in their native app Microsoft Authenticator at least for the short term.
- STACDRU, Apr 12, 2024 (Brass Contributor)
Cancel this, it is working. Wording still shows "FIDO2 security key", but after I added the two AAGUIDs the option appeared.
- Kyle_Lam, Apr 12, 2024 (Copper Contributor)
STACDRU glad to hear that! I added the AAGUID and then the passkey for Microsoft Authenticator appeared. I wonder how to enable the iCloud Keychain passkey as well.
I found that there are 3 passkey settings when I query the Graph Explorer API, but I have no idea how to enable it.
    "defaultPasskeyProfile": null,
    "allowedPasskeyProfiles": []
    "passkeyProfiles": []
- STACDRU, Apr 12, 2024 (Brass Contributor)
From what Microsoft has said, they don't plan to allow that. Issue with iCloud Passkeys is they are account bound, not device bound. Your Passkey through Microsoft Authenticator on your iPhone cannot be moved, or synced to your iPad, it also cannot be shared with anyone. iCloud Passkeys are account bound, are synced between iCloud devices, and can be shared with people, so they are less secure.
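
The AAGUID allow-list step mentioned in this thread, as an added example that is not part of any post above: it evaluates which authenticators a FIDO2 key-restriction policy would accept. The field names follow Microsoft Graph's fido2AuthenticationMethodConfiguration resource; the AAGUID values and sample policy are constructed placeholders, and the function names are hypothetical.

```python
"""Check which authenticator AAGUIDs a FIDO2 key-restriction policy accepts."""

# Constructed placeholder AAGUIDs (not real authenticator identifiers).
AUTHENTICATOR_IOS = "00000000-0000-0000-0000-0000000000a1"
AUTHENTICATOR_ANDROID = "00000000-0000-0000-0000-0000000000a2"
OTHER_PROVIDER = "00000000-0000-0000-0000-0000000000b1"

# Constructed policy in the shape of the Graph FIDO2 method configuration.
SAMPLE_POLICY = {
    "id": "Fido2",
    "state": "enabled",
    "isAttestationEnforced": True,
    "keyRestrictions": {
        "isEnforced": True,
        "enforcementType": "allow",
        # Mixed case on purpose: AAGUIDs must be compared case-insensitively.
        "aaGuids": [AUTHENTICATOR_IOS.upper(), AUTHENTICATOR_ANDROID],
    },
}


def is_aaguid_permitted(policy, aaguid):
    """Return True if an authenticator with this AAGUID may be registered."""
    if policy.get("state") != "enabled":
        return False  # method disabled: nothing can register
    restrictions = policy.get("keyRestrictions") or {}
    if not restrictions.get("isEnforced"):
        return True  # no key restrictions: every AAGUID is accepted
    listed = {g.lower() for g in restrictions.get("aaGuids", [])}
    on_list = aaguid.lower() in listed
    mode = restrictions.get("enforcementType")
    if mode == "allow":
        return on_list  # allow-list: only listed authenticators
    if mode == "block":
        return not on_list  # block-list: everything except listed ones
    raise ValueError(f"unknown enforcementType: {mode!r}")


def rejected_aaguids(policy, required):
    """Return the AAGUIDs from `required` that the policy would reject."""
    return [g for g in required if not is_aaguid_permitted(policy, g)]


if __name__ == "__main__":
    wanted = [AUTHENTICATOR_IOS, AUTHENTICATOR_ANDROID, OTHER_PROVIDER]
    print("rejected:", rejected_aaguids(SAMPLE_POLICY, wanted))
```
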