Microsoft will roll out passkey support for Microsoft Entra-protected resources on Windows devices starting late April. The move enables phishing-resistant passwordless authentication for enterprise users.
Microsoft is expanding its passwordless authentication strategy by introducing passkey support to Windows devices. The rollout, scheduled for late April, will allow users accessing Microsoft Entra-protected resources to authenticate using passkeys instead of traditional passwords.
Passkeys represent a significant shift in cybersecurity approach. Unlike passwords, which can be phished or breached, passkeys use cryptographic technology tied to specific devices. Users authenticate through biometric verification (fingerprint or face recognition) or a device PIN, making them resistant to common attack vectors.
The integration with Microsoft Entra, Microsoft's cloud-based identity platform, positions passkeys as a core component of the company's zero-trust security framework. This aligns with broader industry momentum toward eliminating passwords entirely.
For enterprise organizations, the late April timeline offers a clear implementation window. Windows users will be able to register passkeys on their devices and use them for seamless authentication across Entra-protected applications and services.
Microsoft has been gradually building passkey support across its ecosystem. This Windows rollout complements existing passkey functionality in other Microsoft products and reflects the company's commitment to phishing-resistant authentication methods.
The move addresses growing security concerns around password-based breaches. Organizations managing large user bases benefit from reducing the attack surface associated with password management, storage, and reset procedures.
Adoption of passkeys requires both platform support and user education. Microsoft's rollout on Windows—its dominant operating system—removes a major adoption barrier and could accelerate enterprise-wide passkey implementation.
The late April launch follows Microsoft's pattern of staged feature releases, allowing the company to monitor adoption and address potential issues before broader deployment.
Microsoft has released a patch for a zero-day vulnerability in Windows Defender that could allow attackers to exhaust hard disk space. The flaw was discovered and reported by security researcher NightmareEclipse.
A software defect from 2006 triggered a cascading network failure that knocked out Telstra's national phone service Wednesday morning. The bug, related to daylight savings time processing, created a 'digital domino chain' that locked customers out across the country.
The EU Parliament is advancing legislation that would require tech companies to scan for child sexual abuse material (CSAM), reviving a proposal rejected in March. End-to-end encrypted services like WhatsApp would be exempt from the requirements.
Hackers compromised the Injective Labs SDK repository on GitHub and published a malicious package to npm that steals cryptocurrency wallet private keys and seed phrases from developers.