Microsoft Entra ID: Passkeys Will Become the Standard Starting in September 2026


This text was generated using artificial intelligence (AI).On July 13, 2026, Microsoft announced a strategic change to its identity and access management system, Microsoft Entra ID. Starting September 1, 2026, passkeys will be phased in as the default method for multi-factor authentication (MFA). The goal of this measure is to strengthen account security through phishing-resistant login methods while phasing out vulnerable methods such as SMS and voice calls.

The transition affects all organizations using Microsoft Entra ID in the public cloud. Separate timelines will be announced for other cloud environments. The official Microsoft announcement is available in the Microsoft 365 Message Center at MC1426371 available.

Update July 14, 2026: In addition, a critical vulnerability in Microsoft Exchange Server has been disclosed (CVE-2026-55008, CVSS 9.6). The vulnerability allows remote code execution and affects multiple versions of Exchange. See below for details.