Feeds.4Sysops
Microsoft Entra ID Transitions to Passkeys, Phasing Out SMS and Voice Authentication
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Starting September 1, 2026, Microsoft will make passkeys the default authentication method for Entra ID, replacing SMS and voice-based multifactor authentication (MFA). This change affects all public cloud tenants currently using SMS or voice authentication, who will be prompted to register passkeys during sign-in. The retirement of SMS and voice authentication will be effective February 1, 2027, after which these methods will no longer be supported. This transition is a response to rising AI-enabled phishing attacks, with click-through rates reaching 54%. Organizations are urged to adopt phishing-resistant methods to enhance security and avoid disruptions. Microsoft has observed significant targeting of Entra ID accounts, emphasizing the urgency of this transition. Security teams are encouraged to prepare users for this change to mitigate risks associated with credential theft.
Key Points: • Microsoft Entra ID will default to passkeys for authentication starting September 1, 2026. • SMS and voice-based MFA will be retired on February 1, 2027, affecting all public cloud tenants. • The transition aims to combat rising AI-enabled phishing attacks targeting Microsoft accounts.