Microsoft will roll out passkey support for Microsoft Entra-protected resources on Windows devices starting late April. The move enables phishing-resistant passwordless authentication for enterprise users.
Microsoft is expanding its passwordless authentication strategy by introducing passkey support to Windows devices. The rollout, scheduled for late April, will allow users accessing Microsoft Entra-protected resources to authenticate using passkeys instead of traditional passwords.
Passkeys represent a significant shift in cybersecurity approach. Unlike passwords, which can be phished or breached, passkeys use cryptographic technology tied to specific devices. Users authenticate through biometric verification (fingerprint or face recognition) or a device PIN, making them resistant to common attack vectors.
The integration with Microsoft Entra, Microsoft's cloud-based identity platform, positions passkeys as a core component of the company's zero-trust security framework. This aligns with broader industry momentum toward eliminating passwords entirely.
For enterprise organizations, the late April timeline offers a clear implementation window. Windows users will be able to register passkeys on their devices and use them for seamless authentication across Entra-protected applications and services.
Microsoft has been gradually building passkey support across its ecosystem. This Windows rollout complements existing passkey functionality in other Microsoft products and reflects the company's commitment to phishing-resistant authentication methods.
The move addresses growing security concerns around password-based breaches. Organizations managing large user bases benefit from reducing the attack surface associated with password management, storage, and reset procedures.
Adoption of passkeys requires both platform support and user education. Microsoft's rollout on Windows—its dominant operating system—removes a major adoption barrier and could accelerate enterprise-wide passkey implementation.
The late April launch follows Microsoft's pattern of staged feature releases, allowing the company to monitor adoption and address potential issues before broader deployment.
Federal prosecutors have unsealed a 2024 indictment charging three Russian nationals and two web hosting services with facilitating cyberattacks and money laundering that victimized cybercrime targets of $62 million.
A hacker accessed Suno's source code using stolen employee credentials, revealing that the AI music generator scraped decades of audio from YouTube to train its model.
Criminals can now clone voices with AI in mere seconds, outpacing traditional authentication defenses that banks and financial institutions rely on to prevent fraud.
Five malicious versions of AsyncAPI packages were published to npm, delivering a remote access trojan capable of stealing credentials and sensitive data from developer systems.