{"id":9174,"date":"2026-07-14T18:59:21","date_gmt":"2026-07-14T18:59:21","guid":{"rendered":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/"},"modified":"2026-07-14T18:59:21","modified_gmt":"2026-07-14T18:59:21","slug":"microsoft-entra-id-passkeys-werden-ab-september-2026-standard","status":"publish","type":"post","link":"https:\/\/locaterisk.com\/en\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/","title":{"rendered":"Microsoft Entra ID: Passkeys Will Become the Standard Starting in September 2026"},"content":{"rendered":"<div class=\"wp-block-lr-blog-article-header-module\">\r\n    <div class=\"content\">\r\n\t\t<div class=\"headline\">\r\n\t\t\t<button class=\"to-blog-button\">Back to Blog                <a href=\"https:\/\/locaterisk.com\/en\/blog\/\"><\/a>\r\n\t\t\t<\/button>\r\n\t\t\t\t\t<\/div>\r\n        <div class=\"main-content\">\r\n\t\t\t\t\t\t<!--\r\n            <div class=\"header\">\r\n                <h6> <\/h6>\r\n            <\/div>\r\n\t\t\t\t\t\t-->\r\n            <h1 class=\"title\">Microsoft Entra ID: Passkeys Will Become the Standard Starting in September 2026<\/h1>\r\n            <p class=\"paragraph\"><br><span class=\"lr-ai-disclosure\" style=\"display:block;margin:8px 0 28px;font-size:14px;line-height:1.4;color:#8b93a7;font-family:inherit;font-style:italic;\">This text was generated using artificial intelligence (AI).<\/span>On July 13, 2026, Microsoft announced a strategic change to its identity and access management system, Microsoft Entra ID. Starting September 1, 2026, passkeys will be phased in as the default method for multi-factor authentication (MFA). The goal of this measure is to strengthen account security through phishing-resistant login methods while phasing out vulnerable methods such as SMS and voice calls.<br><br>The transition affects all organizations using Microsoft Entra ID in the public cloud. Separate timelines will be announced for other cloud environments. The official Microsoft announcement is available in the Microsoft 365 Message Center at <strong>MC1426371<\/strong> available.<br><br><strong>Update July 14, 2026:<\/strong> In addition, a critical vulnerability in Microsoft Exchange Server has been disclosed (CVE-2026-55008, CVSS 9.6). The vulnerability allows remote code execution and affects multiple versions of Exchange. See below for details.<\/p>\r\n        <\/div>\r\n    <\/div>\r\n<\/div>\r\n\r\n\r\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"400\" height=\"400\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png\" alt=\"Microsoft Entra ID: Passkeys werden ab September 2026 Standard\" class=\"wp-image-9142\" srcset=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png 400w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory-300x300.png 300w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory-150x150.png 150w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory-12x12.png 12w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\"><strong>The Facts at a Glance<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Passkeys as the standard:<\/strong> Starting September 1, 2026, users will be prompted to register passkeys; starting February 1, 2027, this will be mandatory.<\/li>\n\n\n\n<li><strong>SMS\/Voice will be turned off:<\/strong> Microsoft's native services for SMS and voice sign-in will end on February 1, 2027. Third-party integration via the Microsoft Security Store will remain available.<\/li>\n\n\n\n<li><strong>Affected platform:<\/strong> Microsoft Entra ID (Public Cloud).<\/li>\n\n\n\n<li><strong>Critical Exchange Vulnerability:<\/strong> CVE-2026-55008 (CVSS 9.6) affects Exchange Server 2016 CU23, 2019 CU14\/CU15, and the Subscription Edition RTM. Remote code execution is possible without authentication; user interaction is required.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>The timeline for the transition<\/strong><\/h2>\n\n\n\n<p>To ensure a smooth implementation, Microsoft has published a phased rollout plan. IT administrators should take note of the following dates:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Effective August 1, 2026:<\/strong> API support will be available to configure a temporary opt-out for the passkey rollout.<\/li>\n\n\n\n<li><strong>Effective September 1, 2026:<\/strong> When logging in via MFA, users are offered the option to register a passkey. Participation is still optional at this stage.<\/li>\n\n\n\n<li><strong>Effective September 18, 2026:<\/strong> Microsoft publishes information about supported third-party telecommunications service providers in the Microsoft Security Store.<\/li>\n\n\n\n<li><strong>Effective October 30, 2026:<\/strong> Administrators can configure third-party telecommunications services in the Microsoft Security Store for SMS and voice sign-in.<\/li>\n\n\n\n<li><strong>Effective February 1, 2027:<\/strong> Microsoft's native SMS and voice services will be discontinued. The prompt to register for a passkey will become mandatory for all affected users and can no longer be skipped.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Need for Action and Options for Administrators<\/strong><\/h2>\n\n\n\n<p>Companies must adapt their authentication strategies to this new framework. The transition period, which runs through February 2027, provides time to prepare internal processes and user communications.<\/p>\n\n\n\n<p>Organizations that continue to rely on SMS- or voice-based authentication must turn to third-party solutions that can be integrated through the Microsoft Security Store. However, Microsoft clearly recommends switching to methods that are completely resistant to phishing.<\/p>\n\n\n\n<p>Users who already use secure methods such as <strong>Windows Hello for Business<\/strong>, <strong>FIDO2 Security Keys<\/strong>, use certificate-based authentication or smart cards, are not affected by the new registration prompt, according to Microsoft Learn.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Critical Vulnerability in Microsoft Exchange Server (CVE-2026-55008)<\/strong><\/h2>\n\n\n\n<p>In conjunction with the passkey migration, a critical security vulnerability in Microsoft Exchange Server was disclosed on July 14, 2026. The vulnerability, CVE-2026-55008, received a CVSS score of 9.6 and allows remote code execution over the network.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Technical Details<\/strong><\/h3>\n\n\n\n<p>The vulnerability affects the following versions of Exchange:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Microsoft Exchange Server 2016 Cumulative Update 23<\/li>\n\n\n\n<li>Microsoft Exchange Server 2019 Cumulative Update 14<\/li>\n\n\n\n<li>Microsoft Exchange Server 2019 Cumulative Update 15<\/li>\n\n\n\n<li>Microsoft Exchange Server Subscription Edition RTM<\/li>\n<\/ul>\n\n\n\n<p>An attacker can exploit the vulnerability without prior authentication (PR:N), but user interaction is required (UI:R). The attack vector is network-based (AV:N) with low attack complexity (AC:L). If successfully exploited, high impacts on confidentiality, integrity, and availability are possible (C:H\/I:H\/A:H). The scope is \u201eChanged\u201c (S:C), which means that the impact may extend beyond the vulnerable component.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Assessment and Recommendations for Action<\/strong><\/h3>\n\n\n\n<p>As of this publication, the patch status is unknown. There is no information available regarding active exploitation or inclusion in the CISA KEV list. Organizations with Exchange servers running the affected versions should continuously monitor the Microsoft Security Response Center advisory at https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-55008 and prioritize the installation of available security updates.<\/p>\n\n\n\n<p>The combination of a high CVSS score, a network-based attack vector, and the potential for remote code execution makes CVE-2026-55008 a critical threat to Exchange infrastructures. Until a patch is available, administrators should consider mitigating measures such as network segmentation, enhanced monitoring, and access restrictions on Exchange services.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Relevance for Organizations in Germany, Austria, and Switzerland<\/strong><\/h2>\n\n\n\n<p>This transition is particularly relevant for companies subject to NIS 2 and KRITIS operators in Germany: The use of phishing-resistant authentication methods complies with the requirements for technical security measures under Section 30 of the BSIG. The BSI explicitly recommends FIDO2-based methods and passkeys as strong authentication methods. Organizations that use Microsoft Entra ID as their central identity service should also include the transition in their GDPR-compliant change documentation and verify whether the change to the authentication infrastructure requires internal risk assessments in accordance with ISO 27001.<\/p>\n\n\n\n<p>The Exchange vulnerability CVE-2026-55008 underscores the urgency of a comprehensive Microsoft security management approach. Organizations with Exchange servers must include this vulnerability in their risk assessment in accordance with ISO 27001 Annex A 8.8 (Vulnerability Management) and document it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Classification from the EASM and VRM Perspectives<\/strong><\/h2>\n\n\n\n<p>A change in authentication methods at a central identity provider such as Microsoft has a direct impact on the external attack surface and supplier risk management.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>External Attack Surface Management (EASM):<\/strong> Microsoft Entra ID is an externally accessible service whose sign-in portals are part of an organization\u2019s digital infrastructure. An EASM platform such as LocateRisk identifies these and other exposed authentication endpoints (e.g., for VPNs or cloud services). Knowing which systems depend on Entra ID is essential for assessing the impact of this policy change on your organization\u2019s security posture. At the same time, externally accessible Exchange servers must be identified and checked for vulnerability to CVE-2026-55008.<\/li>\n\n\n\n<li><strong>Vendor Risk Management (VRM):<\/strong> Microsoft is a critical supplier for most companies. A mandatory change to security policies is a significant event in cyber supply chain risk management. Continuous monitoring as part of VRM helps identify such changes among strategic partners and ensure an organization\u2019s own compliance with standards such as NIS-2 or ISO 27001, which require active management of supplier risks. The Exchange vulnerability underscores the need to also monitor patch management processes for critical Microsoft products within the VRM context.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Here's How LocateRisk Can Help You<\/strong><\/h2>\n\n\n\n<p>The LocateRisk platform provides you with the necessary visibility into your external attack surface and the security posture of your suppliers. Identify all external systems that rely on Microsoft Entra ID for authentication, and assess the security performance of your critical technology partners. Identify exposed Exchange servers and other Microsoft services in your infrastructure to quickly locate and prioritize vulnerabilities such as CVE-2026-55008.<\/p>\n\n\n\n<p>Our \u201eMade in Germany\u201c solution is hosted in certified German data centers\u2014designed to meet GDPR requirements and with reduced risks associated with exposure to the U.S. Cloud Act.<\/p>\n\n\n\n<p><a href=\"https:\/\/locaterisk.com\/en\/demo-anfordern\/\" target=\"_blank\" rel=\"noreferrer noopener\">Request a no-obligation analysis of your attack surface.<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Sources and further information<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Microsoft Security Blog (July 13, 2026):<\/strong> <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/07\/13\/microsoft-entra-id-security-updates-passkeys-are-the-default-authentication-method-in-entra-id\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Entra ID security updates: Passkeys are the default authentication method in Entra ID<\/a><\/li>\n\n\n\n<li><strong>Microsoft Learn:<\/strong> <a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/authentication\/concept-sms-voice-retirement\" target=\"_blank\" rel=\"noreferrer noopener\">Discontinuation of SMS and Voice for Authentication in Microsoft Entra ID<\/a><\/li>\n\n\n\n<li><strong>BleepingComputer (July 14, 2026):<\/strong> <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-entra-id-gets-passkeys-default-authentication-starting-september\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Entra ID will use passkeys as the default authentication method starting in September<\/a><\/li>\n\n\n\n<li><strong>Microsoft Security Response Center:<\/strong> <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-55008\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-55008 Security Update Guide<\/a><\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-lr-faq-module\"><div class=\"content\"><h3><strong>Frequently asked questions<\/strong><\/h3><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>Who is affected by the transition to Microsoft Entra ID passkeys?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">All organizations and users who use Microsoft Entra ID in the public cloud. The exception is users who already use another phishing-resistant authentication method, such as Windows Hello for Business, FIDO2 security keys, or smart cards\u2014according to Microsoft Learn, these users will not receive a new registration prompt.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>Will I still be able to use text messages and voice calls after February 1, 2027?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">Yes, the service will still be available, but no longer through Microsoft's native service. To use it, organizations must integrate a supported third-party telecommunications service provider via the Microsoft Security Store. Configuration will be possible starting October 30, 2026; Microsoft will publish information about available providers starting September 18, 2026.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>What happens if users skip the passkey registration?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">Between September 1, 2026, and February 1, 2027, users can skip the prompt. After this deadline, the registration dialog will become mandatory. Affected users will then no longer be able to sign up without interacting with the prompt.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>Are my Exchange servers affected by CVE-2026-55008?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">Check to see if you are running one of the affected versions: Exchange Server 2016 CU23, Exchange Server 2019 CU14 or CU15, or Exchange Server Subscription Edition RTM. Monitor the Microsoft Security Response Center for patch information and apply available updates immediately.<\/p><\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-lr-contact-post-module\">\n\t<div id=\"lr-contact-form\" class=\"wp-block-lr-contact-post-module\">\n\t\t<div id=\"formular\" class=\"content\">\n\t\t\t<div class=\"inner-content\">\n\t\t\t\t<div class=\"column-2 feature-mode\">\n\t\t\t\t\t<h2><br>Request your personal Live-Demo now<\/h2>\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div>\n\t\t\t\t\t\t\t\t<p class=\"margin-b-36\">Identify and reduce your cyber risks through a comparable and understandable overview of your IT security. Let our experts advise you and find out how LocateRisk can help you solve your cyber risks.<\/p>\n\t\t\t\t\t\t\t<\/div>\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/div> \n\t\t\t\t<div class=\"column-2\">\n\t\t\t\t\t<form action=\"\" class=\"form\" method=\"post\" role=\"form\" novalidate data-trp-original-action=\"\">\n\t\t\t\t\t\t<input type=\"text\" id=\"successmessage\" name=\"successmessage\" value=\"Ihre Registrierung war erfolgreich Ihre Anfrage wurde erfolgreich versendet. Wir haben Ihnen soeben eine Best\u00e4tigungsmail mit einem Aktivierungs-Link zugesendet, um einem Missbrauch Ihrer E-Mail Adresse durch Dritte vorzubeugen. Die Mail wird von sales@locaterisk.com versendet und sollte sich i n wenigen Minuten in Ihrem Posteingang finden.\" hidden>\n\t\t\t\t\t\t<input type=\"text\" id=\"errormessage\" name=\"errormessage\" value=\"Da ist wohl etwas schief gelaufen. Bitte probieren Sie es erneut oder nehmen Sie direkt mit uns Kontakt auf\" hidden>\n\t\t\t\t\t\t<input type=\"text\" id=\"slug\" name=\"slug\" value=\"microsoft-entra-id-passkeys-werden-ab-september-2026-standard\" hidden>\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\t\tid=\"name\"\n\t\t\t\t\t\t\t\tname=\"name\"\n\t\t\t\t\t\t\t\tplaceholder=\"first name\"\n\t\t\t\t\t\t\t\trequired\tmaxlength=\"50\"\/>\n\n\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\t\tid=\"surname\"\n\t\t\t\t\t\t\t\tname=\"surname\"\n\t\t\t\t\t\t\t\tplaceholder=\"last name\"\n\t\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\t\t\t\t\t\t\n\t\t\t\t\t\t<input\n\t\t\t\t\t\t\ttype=\"email\"\n\t\t\t\t\t\t\tid=\"email\"\n\t\t\t\t\t\t\tname=\"email\"\n\t\t\t\t\t\t\tplaceholder=\"Email\"\n\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\n\t\t\t\t\t\t<input\n\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\tid=\"phone\"\n\t\t\t\t\t\t\tname=\"phone\"\n\t\t\t\t\t\t\tplaceholder=\"phone\"\n\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t<h6 class=\"error-message\" hidden>...<\/h6>\n\t\t\t\t\t\t<div class=\"checkbox_container\">\n\t\t\t\t\t\t\t<div class=\"checkbox\">\n\t\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\t\ttype=\"checkbox\"\n\t\t\t\t\t\t\t\t\tid=\"checkbox\"\n\t\t\t\t\t\t\t\t\tname=\"checkbox\" \/>\n\n\t\t\t\t\t\t\t\t<label for=\"checkbox\"><\/label>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<p class=\"translation-block\">I agree with the <a href=\"https:\/\/locaterisk.com\/en\/datenschutz\/\" target=\"_self\">privacy policy<\/a>.<\/p> \n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\n\t\t\t\t\t<div class=\"g-recaptcha\" data-sitekey=\"6LdErNoZAAAAAD1Re2jNxtDFfcDaL9iED5MRBzjR\" data-callback=\"verifyRecaptchaCallback\" data-expired-callback=\"expiredRecaptchaCallback\"><\/div>\n\t\t\t\t\t<input type=\"hidden\" name=\"g-recaptcha-response\" data-recaptcha \/>\n\n\t\t\t\t\t\t<button class=\"lr-button-link\" type=\"submit\"> Request a Demo<\/button>\n\t\t\t\t\t<input type=\"hidden\" name=\"trp-form-language\" value=\"en\"\/><\/form>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n\t\n\t<\/div>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity is-style-wide\"\/>\n\n\n\n<div class=\"wp-block-lr-contact-module\"><div class=\"content\"><h2>Want to find out more, book a demo or simply exchange ideas? We look forward to hearing from you!<\/h2><div class=\"contact-info-row\"><div class=\"contact-person-info\"><div class=\"avatar\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/06\/Lukas_Baumann_LocateRisk-300.png\"><\/div><p><span class=\"text before\">Your personal consultant<\/span><span class=\"bold name\"><strong>Lukas<\/strong><\/span> <span class=\"lastname\"><strong>Baumann<strong><\/strong><\/strong><\/span><strong><strong><span class=\"separator\"><\/span><span class=\"role\">CEO<\/span><\/strong><\/strong><\/p><\/div><p class=\"bold phone\"><strong><strong>+49 6151 6290246<\/strong><\/strong><\/p><strong><strong><a class=\"pr-1\" href=\"mailto: sales@locaterisk.com\">Get in Touch Now<\/a><\/strong><\/strong><\/div><\/div><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-lr-footer-module lr-footer-block\"><div class=\"content\"><div class=\"column0\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/assets\/img\/lr-logo.svg\"\/><\/div><div class=\"categories\"><div class=\"categories-element\"><a class=\"pr-4\" href=\"https:\/\/locaterisk.com\/en\/\">Home<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/blog\/\">Blog<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/about\/\">About Us<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/kontakt\/\">Contact<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/impressum\/\">Legal Notice<\/a><\/div><div class=\"categories-break\"><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/datenschutz\/\">Privacy<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/files\/gtc.pdf\">General Terms and Conditions<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/jobs\/\">Jobs<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"https:\/\/app.secfix.com\/trust\/locaterisk\/d1e7d433b33643aea1880bfbfeab9f60\">Trust Center<\/a><\/div><\/div><div class=\"social\"><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/www.linkedin.com\/company\/locaterisk\/\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/10\/gruppe-230@3x.png\"\/><\/a><\/div><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/www.instagram.com\/locaterisk\/\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Instagram.png\"\/><\/a><\/div><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/twitter.com\/locaterisk\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/twitter.png\"\/><\/a><\/div><\/div><div class=\"description\"><h6>\u00a9 LocateRisk 2026<\/h6><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>Starting September 1, 2026, passkeys will become the default sign-in method in Microsoft Entra ID. Learn what the timeline and the phase-out of SMS mean for your organization.<\/p>","protected":false},"author":13,"featured_media":9142,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-9174","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft Entra ID f\u00fchrt Passkeys als Standard ab September 2026 ein<\/title>\n<meta name=\"description\" content=\"Ab dem 1. September 2026 werden Passkeys zur Standard-Anmeldemethode in Microsoft Entra ID. Erfahren Sie, was der Zeitplan und die Abschaltung von SMS f\u00fcr Ihr Unternehmen bedeuten.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/locaterisk.com\/en\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Entra ID f\u00fchrt Passkeys als Standard ab September 2026 ein\" \/>\n<meta property=\"og:description\" content=\"Ab dem 1. September 2026 werden Passkeys zur Standard-Anmeldemethode in Microsoft Entra ID. Erfahren Sie, was der Zeitplan und die Abschaltung von SMS f\u00fcr Ihr Unternehmen bedeuten.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/locaterisk.com\/en\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/\" \/>\n<meta property=\"og:site_name\" content=\"LocateRisk\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-14T18:59:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kristina Hoinkis\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kristina Hoinkis\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\\\/\"},\"author\":{\"name\":\"Kristina Hoinkis\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/68f3857c15afa8ff59c545848dddcc32\"},\"headline\":\"Microsoft Entra ID: Passkeys werden ab September 2026 Standard\",\"datePublished\":\"2026-07-14T18:59:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\\\/\"},\"wordCount\":1383,\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/compliance-regulatory.png\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\\\/\",\"name\":\"Microsoft Entra ID f\u00fchrt Passkeys als Standard ab September 2026 ein\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/compliance-regulatory.png\",\"datePublished\":\"2026-07-14T18:59:21+00:00\",\"description\":\"Ab dem 1. September 2026 werden Passkeys zur Standard-Anmeldemethode in Microsoft Entra ID. Erfahren Sie, was der Zeitplan und die Abschaltung von SMS f\u00fcr Ihr Unternehmen bedeuten.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\\\/#primaryimage\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/compliance-regulatory.png\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/compliance-regulatory.png\",\"width\":400,\"height\":400,\"caption\":\"compliance-regulatory\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/locaterisk.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Entra ID: Passkeys werden ab September 2026 Standard\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"name\":\"LocateRisk\",\"description\":\"IT-Sicherheit messen und vergleichen\",\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\",\"name\":\"LocateRisk\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"LocateRisk\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/locaterisk\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/68f3857c15afa8ff59c545848dddcc32\",\"name\":\"Kristina Hoinkis\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"caption\":\"Kristina Hoinkis\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Entra ID will introduce passkeys as the default starting in September 2026","description":"Starting September 1, 2026, passkeys will become the default sign-in method in Microsoft Entra ID. Learn what the timeline and the phase-out of SMS mean for your organization.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/locaterisk.com\/en\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft Entra ID f\u00fchrt Passkeys als Standard ab September 2026 ein","og_description":"Ab dem 1. September 2026 werden Passkeys zur Standard-Anmeldemethode in Microsoft Entra ID. Erfahren Sie, was der Zeitplan und die Abschaltung von SMS f\u00fcr Ihr Unternehmen bedeuten.","og_url":"https:\/\/locaterisk.com\/en\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/","og_site_name":"LocateRisk","article_published_time":"2026-07-14T18:59:21+00:00","og_image":[{"width":400,"height":400,"url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png","type":"image\/png"}],"author":"Kristina Hoinkis","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kristina Hoinkis","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/#article","isPartOf":{"@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/"},"author":{"name":"Kristina Hoinkis","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/68f3857c15afa8ff59c545848dddcc32"},"headline":"Microsoft Entra ID: Passkeys werden ab September 2026 Standard","datePublished":"2026-07-14T18:59:21+00:00","mainEntityOfPage":{"@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/"},"wordCount":1383,"publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"image":{"@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/","url":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/","name":"Microsoft Entra ID will introduce passkeys as the default starting in September 2026","isPartOf":{"@id":"https:\/\/locaterisk.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/#primaryimage"},"image":{"@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png","datePublished":"2026-07-14T18:59:21+00:00","description":"Starting September 1, 2026, passkeys will become the default sign-in method in Microsoft Entra ID. Learn what the timeline and the phase-out of SMS mean for your organization.","breadcrumb":{"@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/locaterisk.com\/de\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/#primaryimage","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/compliance-regulatory.png","width":400,"height":400,"caption":"compliance-regulatory"},{"@type":"BreadcrumbList","@id":"https:\/\/locaterisk.com\/de\/microsoft-entra-id-passkeys-werden-ab-september-2026-standard\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/locaterisk.com\/"},{"@type":"ListItem","position":2,"name":"Microsoft Entra ID: Passkeys werden ab September 2026 Standard"}]},{"@type":"WebSite","@id":"https:\/\/locaterisk.com\/de\/#website","url":"https:\/\/locaterisk.com\/de\/","name":"LocateRisk","description":"Measure and compare IT security","publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/locaterisk.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/locaterisk.com\/de\/#organization","name":"LocateRisk","url":"https:\/\/locaterisk.com\/de\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","width":1920,"height":1080,"caption":"LocateRisk"},"image":{"@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/locaterisk\/"]},{"@type":"Person","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/68f3857c15afa8ff59c545848dddcc32","name":"Kristina Hoinkis","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","caption":"Kristina Hoinkis"}}]}},"_links":{"self":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts\/9174","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/comments?post=9174"}],"version-history":[{"count":0,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts\/9174\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/media\/9142"}],"wp:attachment":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/media?parent=9174"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/categories?post=9174"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/tags?post=9174"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}