www.microsoft.com 7/13/2026, 6:51:21 PM · external

Microsoft Entra ID to Enforce Passkeys, Dropping SMS MFA by 2027

Microsoft Entra ID to Enforce Passkeys, Dropping SMS MFA by 2027
CyberSIXT Evidence Panel Source marked as original reporting

MICROSOFT Entra ID is transitioning to make passkeys the default authentication method, effective September 1, 2026, as a measure against phishing and credential theft, common in today's AI-driven threat environment. This change aims to phase out SMS and voice methods by February 1, 2027, urging organizations to adopt phishing-resistant solutions. Users currently using SMS/voice authentication will automatically be prompted to register for passkeys during their next multifactor authentication.

Organizations needing SMS/voice can still partner with telecom providers through the Microsoft Security Store. Key steps for organizations include identifying current users of SMS/voice, planning the passkey rollout, and preparing user communications. The transition aims to enhance security and simplify user experience by incorporating public-key cryptography.

View full article

Article by CyberSIXT