Microsoft will begin making passkeys the default authentication method for Microsoft Entra ID later this year as part of a broader move away from SMS and voice-based multi-factor authentication. The transition starts on September 1, 2026, while Microsoft’s native SMS and voice authentication services will be retired on February 1, 2027.
Under the rollout, users who currently rely on SMS or voice authentication will automatically become eligible for passkeys. During future multi-factor authentication sign-ins, they will be prompted to register a passkey, although they will initially be able to skip the registration. Microsoft said the changes will be deployed gradually across Entra ID tenants.
After February 1, 2027, Microsoft will no longer provide SMS or voice authentication directly through Entra ID. Organizations that still need those methods for regulatory or operational reasons will have to configure a third-party telecom provider through the Microsoft Security Store. Any associated telecom costs will be the customer’s responsibility.
Microsoft said the change is driven by the growing sophistication of identity attacks. According to the company, authentication methods based on SMS and voice calls are increasingly vulnerable to phishing, SIM-swapping, interception, and social engineering, while passkeys rely on public-key cryptography that is resistant to these attacks.
The company is encouraging administrators to prepare before the rollout begins by enabling passkeys, educating users about the registration process, and reviewing whether phone-based authentication is still required within their organizations. Businesses that plan to continue using SMS or voice authentication are advised to select and configure a supported telecom provider well before Microsoft’s retirement deadline to avoid service disruptions.
The announcement comes as Microsoft continues expanding passwordless authentication across its ecosystem. Passkeys are already supported in Microsoft accounts, Windows, and Microsoft 365, and the company has been steadily promoting phishing-resistant authentication as part of its Secure Future Initiative. The latest Entra ID changes extend that strategy to enterprise identity management, with Microsoft positioning passkeys as the primary authentication method for organizations going forward.