heise PlusAbo
Anzeige

Microsoft Entra: Automatic activation of Passkey profiles in March

Microsoft announces automatic activation of Passkey profiles in the Entra ID service in March. The configuration should be simple.

listen Print view
Digital identities on a tablet, with a lock containing a face above it (symbolic image)

(Image: Jirsak/Shutterstock.com)

2 min. read
Security
By

Microsoft's Entra ID identity management service is set to receive Passkey profiles in March. Microsoft announces that the feature will be automatically enabled in March.

The company announced this step in the Microsoft 365 Message Center (MC1221452, copy at merill.net). "Beginning in March 2026, Microsoft Entra ID will automatically enable Passkey profiles with a new property passkeyType for device-bound and synchronized Passkeys," Microsoft explains. "Tenants that do not opt-in will be automatically migrated with their existing settings. Microsoft-managed enrollment campaigns will be updated to Passkeys." Microsoft recommends that IT administrators make preparations and configurations before the general rollout.

Group-based settings

Admins will be able to make group-based Passkey settings and use the new passkeyType property. The latter allows IT administrators to set Passkeys to device-bound Passkeys, synchronized Passkeys (e.g., via password/Passkey managers), or both.

The new schema will be rolled out starting in March 2026. If tenants would rather not use Passkey profiles, existing FIDO2 Passkey authentication methods will be moved to a "Default Passkey Profile" during the transition. The passkeyType value will be set based on the tenant's previous settings. If tenants have enabled synchronized Passkeys, Microsoft-managed enrollment campaigns will be switched to so-called target Passkeys.

Passkey profiles will be generally available globally starting in early March, with the transition expected to be completed by the end of March. The transition for tenants that do not opt-in will occur from early April to the end of May 2026.

Videos by heise

As preparation, Microsoft recommends that those who want to use a configuration apart from the default settings should opt-in to the transition before automatic activation begins. They should then set the default passkeyType of the Default Passkey Profile to the desired setting. Administrators should also check the enrollment campaign configuration, especially if it is set to "managed by Microsoft."

In early January, Microsoft updated Entra certificates. Specifically, the company migrated DigiCert certificates from the G1 Root CA to the G2 Root CA.

(dmk)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten