Microsoft is updating the Passkey (FIDO2) authentication methods policy in Entra ID to support passkey profiles, entering public preview in November 2025. This update enables admins to define group-based passkey configurations and introduces new API schema changes for more granular control.
With this rollout, admins can:
– Apply different passkey configurations for specific user groups
– Allow or restrict certain FIDO2 security key models by group
– Enable Microsoft Authenticator passkeys selectively
– Accept any WebAuthn-compliant security key or provider when Enforce attestation is disabled
Configure and manage these settings directly in:
Microsoft 365 admin center → Security → Authentication methods → Passkey (FIDO2) settings
By supporting a wider range of passkey providers and offering flexible policy control, Entra ID moves organizations closer to a seamless, secure, passwordless future.
Rollout timeline:
-
Worldwide: Early Nov – Early Dec 2025
-
GCC: Mid-Nov – Mid-Dec 2025