MICROSOFT Entra ID is transitioning to make passkeys the default authentication method, effective September 1, 2026, as a measure against phishing and credential theft, common in today's AI-driven threat environment. This change aims to phase out SMS and voice methods by February 1, 2027, urging organizations to adopt phishing-resistant solutions. Users currently using SMS/voice authentication will automatically be prompted to register for passkeys during their next multifactor authentication.
Organizations needing SMS/voice can still partner with telecom providers through the Microsoft Security Store. Key steps for organizations include identifying current users of SMS/voice, planning the passkey rollout, and preparing user communications. The transition aims to enhance security and simplify user experience by incorporating public-key cryptography.