Microsoft adds Passkey option to Entra ID registration campaigns
Starting in April this year, Microsoft plans to add Passkey support to Entra ID registration campaigns.
(Image: Tero Vesalainen/Shutterstock.com)
Microsoft announced at the end of January that it would activate Passkey profiles in Entra ID for all tenants starting in March of this year. Now the company is announcing that, in line with this, it will also expand registration campaigns to include passkeys.
Microsoft reports this in the Microsoft 365 Message Center (MC1253746, copy at merill.net). Starting in April 2026, Microsoft registration campaigns will also offer passkeys (FIDO2) as an authentication method. Such registration campaigns prompt users to set up, for example, the Authenticator app for multi-factor authentication (MFA), thereby replacing less secure, older login methods.
With this, Microsoft wants to promote the transition to these phishing-resistant credentials. "Eligible Microsoft 365 tenants can opt users into Passkey registration nudges during sign-in," the company explains. The option is to be rolled out gradually and will affect users with multi-factor authentication capabilities and specific policy settings.
Further details on registration campaigns
The option will become generally available worldwide from early April, and Microsoft intends to complete the rollout by the end of May 2026. The option will be available for Microsoft 365 tenants that use Microsoft's registration campaigns and are configured as either Microsoft-managed or in the "Enabled" status. The reminders will then go to users who can authenticate with MFA and are eligible to use passkeys.
Videos by heise
Microsoft further explains that in the reminders, the default authentication method will change from "Microsoft Authenticator" to "Passkeys (FIDO2)". The period for suppressing such reminders will decrease from three days to one day. At the same time, the developers are removing the limit on the number of suppressed prompts. The reminders are intended to appear when users have correctly completed multi-factor authentication. Admins whose tenants are not configured as "Microsoft-managed" but have the "Enabled" status will have further control and configuration options, as specified in the message center post. Microsoft recommends that IT managers review their own registration campaigns by early April.
(dmk)
