Microsoft to roll out Entra passkeys on Windows starting late April

Microsoft will begin rolling out passkey support for phishing-resistant passwordless authentication to Microsoft Entra-protected resources from Windows devices in late April. The feature is expected to reach general availability Microsoft said Entra passkeys on Windows will support corporate, personal, and shared devices, with admin controls via Conditional Access and Authentication Methods policies. Users can create device-bound passkeys stored in the Windows Hello container and authenticate using facial recognition, fingerprint, or PIN. Passkeys are cryptographically bound to each device and never transmitted over the network, meaning attackers cannot steal them during phishing or malware attacks. Microsoft Entra passkeys on Windows close a security gap that previously left personal and shared devices reliant on password-based Entra ID authentication. In recent months, attackers have targeted Microsoft Entra single sign-on accounts using stolen credentials. In May 2025, Microsoft announced that all new Microsoft accounts will be passwordless