Microsoft is forcing an enterprise transition to passkeys

Summary

Microsoft will transition its Entra ID service to use passkeys as the default authentication method starting September 1, 2026, with SMS and voice authentication ending in February 2027. This move aims to bolster security against increasingly sophisticated AI-powered attacks that target traditional credentials.

IFF Assessment

FRIEND

The transition to passkeys represents a significant security enhancement by moving away from vulnerable password-based authentication towards a more robust and phishing-resistant method, which benefits defenders.

Defender Context

This development signals a major industry shift towards passwordless authentication, driven by the need to combat advanced threats like AI-augmented phishing. Defenders should prepare for widespread adoption of passkeys and ensure their systems and user training align with this new standard.

Read Full Story →