Microsoft Entra ID introduces FIDO2 provisioning APIs in public preview, enabling pre-provisioning of security keys for users, simplifying onboarding, and ensuring phishing-resistant authentication. Rollout begins mid-September 2024, with completion by late September. No admin action is required for the rollout.
Microsoft Entra ID now supports FIDO2 provisioning via API, allowing organizations to pre-provision security keys (passkeys) for users. These new APIs can simplify user onboarding and provide seamless phishing-resistant authentication on day one for employees.
When this will happen:
Public Preview: We will begin rolling out mid-September 2024 and expect to complete by late September 2024.
How this will affect your organization:
Admins can onboard employees with admin provisioning of FIDO2 security keys (passkeys) on behalf of users, providing secure and seamless authentication from day one. While admins can still deploy security keys in their default configuration to their users or allow users to bring their own security keys which requires self-service registration by a user, these APIs allow keys to be pre-provisioned for users, so users have an easier experience on first use.
Passkey authentication method is enabled through Authentication method policy.
For more information on how to use this feature, see Enable passkeys (FIDO2) for your organization.
What you need to do to prepare:
This rollout will happen automatically with no admin action required.