Quelle: Link
As identity attacks grow more sophisticated in the AI era, organizations need stronger authentication methods that protect users from phishing, credential theft, and social engineering. To address these evolving threats, Microsoft Entra ID is updating its authentication experience by making passkeys the default phishing-resistant authentication method, helping customers reduce reliance on phishable methods such as SMS and voice.
Beginning September 1, 2026, Microsoft will begin rolling out passkeys as the default authentication experience in Microsoft Entra ID. As the rollout reaches each organization, users enabled for SMS or voice authentication will automatically be enabled for passkeys, and the next time they perform multifactor authentication, they’ll be prompted to register a passkey.
Following this transition, on February 1, 2027, Microsoft will retire Microsoft-provided telecom delivery for SMS and voice authentication and will no longer offer SMS and voice as a native Microsoft Entra capability. Organizations that still require SMS or voice authentication methods will have the option to choose one of our telecom partners through the Microsoft Security Store. Customers will be responsible for any associated telecom-related costs charged by the telecom partners.
We strongly recommend moving users to passkeys or another phishing-resistant authentication method as soon as possible.
Timeline
| Date | Milestone |
|---|---|
| September 1, 2026 | All users enabled for SMS or voice are auto-enabled and nudged for passkey registration upon multifactor authentication sign-in.
Use the passkey deployment guide to prepare your environment for passkey use. Notify affected users about the upcoming change. Ensure every user has a phishing-resistant authentication method, such as a passkey, Entra passkeys on Windows, or a FIDO2 security key. |
| September 18, 2026 | Pricing, commercial terms, and a list of supported telecom providers will be shared.
If you plan to continue using SMS or voice authentication, review the available provider options and identify affected users. |
| October 30, 2026 | Admins may select and configure a supported telecom provider through the Microsoft Security Store. |
| February 1, 2027 | Microsoft-provided SMS and voice authentication ends.
If SMS or voice remains necessary for specific users, configure a supported telecom provider before this date. |
| After February 1, 2027 | Users who use SMS or voice for multifactor authentication will be required to register a passkey before they can sign in. Automatic prompts to register a passkey will be enforced for all users in all tenants. There will be no opt-out option. |






