A significant enhancement to its identity management platform with the upcoming expansion of passkey (FIDO2) authentication methods policy in Microsoft Entra ID.
Set to roll out as a public preview in November 2025, this update will introduce passkey profiles, enabling administrators to implement granular, group-based control over passkey configurations.
The phased deployment will begin mid-October 2025 and is expected to reach completion by mid-November 2025, affecting Worldwide, GCC, GCC High, and DoD environments.
The introduction of passkey profiles represents a pivotal advancement in Microsoft’s authentication infrastructure.
Organizations will gain the ability to apply differentiated passkey configurations based on user groups, significantly enhancing security flexibility.
This granular approach allows security administrators to tailor authentication requirements to specific organizational segments, addressing varying security needs across different departments or user roles.
Technical implementation will enable scenarios such as restricting particular user groups to specific FIDO2 security key models while allowing other groups to utilize passkeys through the Microsoft Authenticator app.
This capability addresses a common challenge in enterprise environments where security requirements differ across organizational units, providing administrators with unprecedented control over authentication method deployment.
Microsoft Entra ID
The update introduces important API schema changes that will impact how organizations manage passkey policies programmatically.
During the preview period, organizations that modify passkey policies through the Microsoft Azure or Entra portal will immediately experience the new schema implementation.
However, those utilizing Graph API or third-party tools for policy management will continue with the existing schema until General Availability.
This staged approach to schema implementation allows organizations to prepare their systems and processes for the eventual full deployment.
Microsoft recommends that technical teams review their current passkey configurations and update internal documentation to reflect the forthcoming changes.
The new settings will be accessible via the Microsoft 365 admin center under Security > Authentication methods > Passkey (FIDO2) settings.
Enhanced Security Key
A technical enhancement accompanying the November 2025 update is expanded support for WebAuthn-compliant security keys and passkey providers.
According to Report, Microsoft Entra ID will accept any WebAuthn-compliant security key or passkey provider for registration and authentication.
This modification significantly broadens the range of compatible authentication devices and providers, offering organizations greater flexibility in their hardware choices.
This expanded compatibility represents Microsoft’s commitment to open standards and interoperability within the passwordless authentication ecosystem.
Technical documentation comparing the updated behavior with current functionality will be available through Microsoft’s documentation on Entra ID attestation for FIDO2 security key vendors.
No administrative action is required before the rollout begins, as the changes will be implemented automatically according to the published schedule.
However, security administrators are advised to familiarize themselves with the new capabilities and consider how these enhanced controls might be leveraged within their authentication strategy.
Microsoft will provide updated technical documentation before the rollout through its Learn platform, detailing the process for enabling and configuring passkeys within organizations.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
%20Support.webp?resize=1068,580&ssl=1&description=A significant enhancement to its identity management platform with the upcoming expansion of passkey (FIDO2) authentication methods policy in Microsoft Entra ID.){kind=link}