Microsoft Entra: Passkeys by default and retirement of Microsoft-provided SMS and voice authentication
Microsoft Entra will make passkeys the default authentication method starting September 1, 2026, retiring Microsoft-provided SMS and voice authentication by February 1, 2027. Customers must configure telecom providers for SMS/voice via the Microsoft Security Store or face disruptions. Passkeys offer stronger, phishing-resistant security at no extra cost. What and why Passkeys will become the default authentication experience in Microsoft Entra on September 1, 2026. Telecom-based methods (SMS and voice) will transition to customer-configured providers through the Microsoft Security Store. The AI era demands stronger, phishing-resistant authentication. We are making passkeys the default authentication experience in Microsoft Entra to help customers securely adopt AI at scale. As part of this transition, SMS and voice will no longer be available as multifactor authentication methods starting February 1, 2027. SMS and voice do not offer sufficient levels of security in comparison to passkeys. Traditional authentication methods including passwords, SMS one-time passcodes, and voice-based verification remain vulnerable to phishing, interception, and social engineering attacks. We strongly recommend moving away from telephony-based authentication methods to improve security and prevent identity attacks. Passkeys are included in all Microsoft Entra plans, so making this critical security change comes at no additional cost for you. While we recommend adopting passkeys for phishing-resistant authentication as quickly as possible, we also recognize that some customers may have business needs that make an immediate transition impractical. In such cases, customers may continue to use SMS and voice by selecting a telecom provider in the Microsoft Security Store. Rollout schedule September 1, 2026: Rollout begins. Changes may take time to reach all tenants and will be deployed gradually. Passkeys will be automatically enabled for users currently enabled for SMS or voice. Registration Campaign will be set to Microsoft-Managed targeting passkeys for all users in eligible tenants. Users will be prompted to register a passkey during MFA sign-in; users will be able to skip. September 18th, 2026: review the telecom providers and related information available through the Microsoft Security Store to evaluate which optiohn best meets your regional and compliance requirements. October 30, 2026: Customers who need to continue to use SMS […]
The post Microsoft Entra: Passkeys by default and retirement of Microsoft-provided SMS and voice authentication appeared first on M365 Admin.
Published on:
Learn more