Microsoft has announced that passkeys will become the default authentication method for the Entra ID enterprise identity service starting September 2026.

Passkeys will be enabled automatically for Entra ID users now using phone-based SMS and voice authentication, which will be retired in February 2027 across all tenants.

However, users who are already signing into their accounts with passkeys, Windows Hello for Business, FIDO2 security keys, smart cards, or any other phishing-resistant method will be able to continue using those methods.

"As the rollout reaches each organization, users enabled for SMS or voice authentication will automatically be enabled for passkeys, and the next time they perform multifactor authentication, they'll be prompted to register a passkey," Microsoft said.

"Following this transition, on February 1, 2027, Microsoft will retire Microsoft-provided telecom delivery for SMS and voice authentication and will no longer offer SMS and voice as a native Microsoft Entra capability."