Microsoft Entra ID Transitions to Passkeys, Phasing Out SMS and Voice Authentication

Microsoft Entra ID Transitions to Passkeys, Phasing Out SMS and Voice Authentication

First seen 14 Jul 2026, 09:39 UTC Feeds.4SysopsCybersecuritynewsFeeds2.FeedburnerBleepingcomputerlearn.microsoft.com 86% similarity 70.2

Article Content

Browse articles
ThreatCluster

Starting September 1, 2026, Microsoft will make passkeys the default authentication method for Entra ID, replacing SMS and voice-based multifactor authentication (MFA). This change affects all public cloud tenants currently using SMS or voice authentication, who will be prompted to register passkeys during sign-in. The retirement of SMS and voice authentication will be effective February 1, 2027, after which these methods will no longer be supported. This transition is a response to rising AI-enabled phishing attacks, with click-through rates reaching 54%. Organizations are urged to adopt phishing-resistant methods to enhance security and avoid disruptions. Microsoft has observed significant targeting of Entra ID accounts, emphasizing the urgency of this transition. Security teams are encouraged to prepare users for this change to mitigate risks associated with credential theft.

Key Points: • Microsoft Entra ID will default to passkeys for authentication starting September 1, 2026. • SMS and voice-based MFA will be retired on February 1, 2027, affecting all public cloud tenants. • The transition aims to combat rising AI-enabled phishing attacks targeting Microsoft accounts.

ThreatCluster AI

Timeline

2026-07-14
Microsoft announces passkeys as default for Entra ID
Microsoft will make passkeys the default authentication method starting September 1, 2026, replacing SMS and voice MFA.
Bleepingcomputer
2026-07-14
Transition to passkeys aims to enhance security
The shift to passkeys is designed to reduce reliance on phishable credentials amid rising AI phishing campaigns.
Feeds.4Sysops
2026-07-14
Retirement of SMS and voice authentication confirmed
Microsoft will officially retire SMS and voice authentication for Entra ID on February 1, 2027, to promote phishing-resistant alternatives.
Feeds.4Sysops
2026-07-14
Microsoft warns of phishing risks
Microsoft Threat Intelligence reports AI-enabled phishing campaigns achieving click-through rates of 54%, highlighting the urgency of adopting passkeys.
Cybersecuritynews

Community

Browse all →