Ethical Hacking News
Microsoft has announced a new feature that brings phishing-resistant sign-ins via Entra passkeys to Windows devices, aiming to provide users with an additional layer of protection against cyber threats.
Microsoft has introduced phishing-resistant sign-ins via Entra passkeys on Windows devices. The feature provides an additional layer of protection against cyber threats using passwordless authentication via Windows Hello. Passkeys are device-bound and cannot be synced across devices. To use the feature, IT administrators must enable the Passkeys (FIDO2) authentication method in Entra's Authentication Methods policies.
Microsoft has recently announced a significant update to its Windows operating system, aiming to bring phishing-resistant sign-ins via Entra passkeys. This new feature is part of the company's ongoing efforts to enhance the security and reliability of its products.
According to Sergiu Gatlan, a news reporter who has covered the latest cybersecurity and technology developments for over a decade, Microsoft is rolling out this new support for Microsoft Entra on Windows devices. The feature is designed to provide phishing-resistant passwordless authentication via Windows Hello, offering users an additional layer of protection against cyber threats.
The introduction of this feature is part of a larger trend in the tech industry towards more secure and user-friendly authentication methods. As reported by Gatlan, Microsoft added that each Entra account will register its own passkey per device, allowing multiple accounts to coexist on a single machine. However, it's essential to note that these passkeys are device-bound and cannot be synced across devices.
This move is significant because it addresses the gap in passwordless authentication between managed and unmanaged Windows devices. As explained by Microsoft, this update will enable users to create device-bound passkeys stored in the Windows Hello container and authenticate using Windows Hello methods such as face, fingerprint, or PIN. The generated passkeys are cryptographically bound to the device and never transmitted over the network, making it difficult for threat actors to steal them during phishing or malware attacks.
To make this feature available to users, IT administrators must enable the Passkeys (FIDO2) authentication method in Entra's Authentication Methods policies, create a passkey profile with the required Windows Hello AAGUIDs, and assign it to the appropriate groups. This requirement highlights Microsoft's emphasis on security awareness among its users.
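The two controls described above, the AAGUID allow-list in a passkey profile and the device-bound key that signs a sign-in challenge, can be modelled from the verifier's side. This is an added example, not code from Microsoft or the original article, and it is simplified: real WebAuthn takes the AAGUID from attestation data and signs authenticator data plus a hash of the client data. The origin, user names and AAGUID values are constructed placeholders.

```javascript
// Added illustration (simplified WebAuthn-style model), not Microsoft's implementation.
const nodeCrypto = require('crypto');
const RP_ORIGIN = 'https://login.example.test'; // hypothetical relying-party origin
// Placeholder AAGUID standing in for the Windows Hello AAGUIDs in a passkey profile.
const ALLOWED_AAGUIDS = new Set(['00000000-0000-0000-0000-0000000000a1']);

// Authenticator: the private key is created on the device and only signatures leave it.
function createAuthenticator(aaguid) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    aaguid, publicKey,
    // The client records the origin it is actually talking to; the page cannot override it.
    sign(challenge, originSeenByClient) {
      const clientDataJSON = JSON.stringify({ type: 'webauthn.get', challenge, origin: originSeenByClient });
      return { clientDataJSON, signature: nodeCrypto.sign('sha256', Buffer.from(clientDataJSON), privateKey) };
    },
  };
}

// Registration: only authenticator models on the allow-list may enroll a passkey.
function register(store, user, authenticator) {
  if (!ALLOWED_AAGUIDS.has(authenticator.aaguid)) return 'rejected: AAGUID not allowed';
  store.set(user, authenticator.publicKey);
  return 'registered';
}

// Sign-in: check challenge freshness, origin binding, then the signature.
function verifyAssertion(store, user, expectedChallenge, assertion) {
  const publicKey = store.get(user);
  if (!publicKey) return 'rejected: no passkey';
  const data = JSON.parse(assertion.clientDataJSON);
  if (data.type !== 'webauthn.get') return 'rejected: wrong type';
  if (data.challenge !== expectedChallenge) return 'rejected: challenge mismatch';
  if (data.origin !== RP_ORIGIN) return 'rejected: origin mismatch';
  const ok = nodeCrypto.verify('sha256', Buffer.from(assertion.clientDataJSON), publicKey, assertion.signature);
  return ok ? 'accepted' : 'rejected: bad signature';
}

function demo() {
  const store = new Map();
  const hello = createAuthenticator('00000000-0000-0000-0000-0000000000a1');
  const other = createAuthenticator('00000000-0000-0000-0000-0000000000ff'); // not on the list
  const challenge = nodeCrypto.randomBytes(32).toString('hex');
  return {
    allowed: register(store, 'alice', hello),
    blocked: register(store, 'bob', other),
    genuine: verifyAssertion(store, 'alice', challenge, hello.sign(challenge, RP_ORIGIN)),
    lookalike: verifyAssertion(store, 'alice', challenge, hello.sign(challenge, 'https://login.example-lookalike.test')),
    replayed: verifyAssertion(store, 'alice', challenge, hello.sign('0'.repeat(64), RP_ORIGIN)), // stale challenge
  };
}
console.log(demo());
```

Because the verifier only ever holds the public key, a signature produced for a different origin or an old challenge is rejected even though it comes from the legitimate device.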
This development is also noteworthy given that Microsoft announced in May 2025 that all new Microsoft accounts will be "passwordless by default" to secure them against phishing, brute-force, and credential-stuffing attacks. Moreover, this update follows the company's earlier rollouts of support for passkey authentication for personal Microsoft accounts after adding a built-in passkey manager for Windows Hello with the Windows 11 22H2 feature update.
Overall, the introduction of phishing-resistant Windows sign-ins via Entra passkeys represents a significant step forward in Microsoft's efforts to enhance the security and reliability of its products. By providing users with an additional layer of protection against cyber threats, this new feature is likely to contribute to a safer online experience for millions of individuals worldwide.
Related Information:
https://www.ethicalhackingnews.com/articles/Phishing-Resistant-Windows-Sign-Ins-on-the-Horizon-Microsofts-Latest-Effort-to-Enhance-Security-ehn.shtml
https://www.bleepingcomputer.com/news/microsoft/microsoft-entra-brings-phishing-resistant-sign-in-to-windows/
https://m365admin.handsontek.net/microsoft-entra-passkeys-windows-now-support-phishing-resistant-sign/
Published: Tue Mar 10 13:25:21 2026 by llama3.2 3B Q4_K_M