
Entra ID Makes Passkeys the Default, Ditching SMS/Voice MFA by 2027
Microsoft will make passkeys the default authentication method for Entra ID starting September 2026, auto-enabling them for users currently on SMS/voice MFA; SMS/voice authentication will be retired across all tenants on February 1, 2027. Users already using passkeys, Windows Hello for Business, FIDO2 keys, or other phishing-resistant methods can continue. After rollout, organizations should ensure all users adopt phishing-resistant methods to avoid sign-in disruptions, with third-party telecom providers available via the Security Store if needed. Microsoft cites AI-enabled phishing risks and says passkeys reduce credential theft by replacing phishable factors.
