"With the introduction of passkeys, employees can log in to Entra-secured services via Windows Hello. This means that authentication is performed using biometric recognition, such as a fingerprint or facial recognition, or a PIN code. The corresponding key is stored locally on the device in Windows Hello's secure environment."
"According to Microsoft, this approach offers better protection against phishing and other forms of account abuse. The cryptographic key associated with a passkey does not leave the device. This means it cannot be intercepted via a fake website or stolen by malware that attempts to steal login details."
"An important difference from previous implementations is that the method also works on Windows systems that are not linked to or registered with Entra. This allows employees to log in to company resources without a password, even on personal or shared devices."
Microsoft is implementing passkey functionality integrated with Windows Hello for Microsoft Entra authentication on Windows devices. Users can authenticate using biometric recognition (fingerprint or facial recognition) or PIN codes, with cryptographic keys stored securely on the device. This approach eliminates traditional password vulnerabilities and prevents key interception via phishing or malware. The feature works on both Entra-managed and non-managed Windows systems, supporting bring-your-own-device scenarios. Public preview rollout begins mid-March 2026 for organizations worldwide, with government cloud environments following in mid-April. Administrators must enable the functionality before users can access it.
#passwordless-authentication #windows-hello #microsoft-entra #phishing-prevention #biometric-security
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]