Forum Discussion
mcoombe
Jul 21, 2023 Brass Contributor
Microsoft Entra ID (Azure AD) support for Passkeys
Hi, Has anyone seen any reference or blog as to when Microsoft Entra ID (Azure AD) will support Passkeys on iOS or Android devices and will this be classified as Phishing-Resistant MFA under Condi...
- Apr 18, 2024
This is the best article I have seen so far regarding background and setup requirements for Microsoft Authenticator Passkeys in Entra ID
https://janbakker.tech/get-started-with-passkeys-in-microsoft-365/
STACDRU
Apr 12, 2024 Brass Contributor
Kyle_Lam This is promising. I'm still not able to see the "Passkey (FIDO2)" under my Azure "Authentication methods | Policies", mine still says "FIDO2 security key". I believe Microsoft only intends to support Passkeys in their native app Microsoft Authenticator at least for the short term.
STACDRU
Apr 12, 2024 Brass Contributor
Cancel this, it is working. Wording still shows "FIDO2 security key", but after I added the two AAGUIDs the option appeared.
- Kyle_Lam Apr 12, 2024 Copper Contributor
STACDRU glad to hear that! I added the AAGUID and then the passkey for Microsoft Authenticator appeared. I wonder how to enable the iCloud Keychain passkey as well.
I found that there are 3 passkey settings when I query the Graph Explorer API, but I have no idea how to enable it.
"defaultPasskeyProfile": null,
"allowedPasskeyProfiles": []
"passkeyProfiles": []
- STACDRU Apr 12, 2024 Brass Contributor
From what Microsoft has said, they don't plan to allow that. Issue with iCloud Passkeys is they are account bound, not device bound. Your Passkey through Microsoft Authenticator on your iPhone cannot be moved, or synced to your iPad, it also cannot be shared with anyone. iCloud Passkeys are account bound, are synced between iCloud devices, and can be shared with people, so they are less secure.
- STACDRU Apr 12, 2024 Brass Contributor
I think the bigger issue with this setup is it requires you to default your iPhone to use Microsoft Authenticator for Passwords and Passkeys. This will be a major issue for anyone already using a Password Manager.