{"id":47028,"date":"2025-03-03T07:52:36","date_gmt":"2025-03-03T06:52:36","guid":{"rendered":"https:\/\/www.firstware.com\/?p=47028"},"modified":"2025-03-10T10:50:53","modified_gmt":"2025-03-10T09:50:53","slug":"passkeys-the-future-of-authentication","status":"publish","type":"post","link":"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/","title":{"rendered":"Passkeys: The Future of Authentication"},"content":{"rendered":"<p>A <strong>passkey is an authentication method<\/strong> based on the FIDO2 standard specification. Unlike traditional <a href=\"https:\/\/firstware.com\/en\/identity-management\/password-reset-self-service-for-users\/\">passwords<\/a>, a passkey securely stores cryptographic key pairs on a device, such as a smartphone or a hardware token. The private key remains on the device, while the public key is registered on the server. This allows for passwordless login that is <strong>both more secure and user-friendly<\/strong>.<\/p>\n<p>Many online services now offer login with a passkey instead of a username and password. This includes Entra ID and thus Microsoft 365. Microsoft has also integrated passkey authentication into Windows 11 and significantly improved it with the Windows 11 24H2 update.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Index<\/p>\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#Passkeys-versus-Passwords\" >Passkeys versus Passwords<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#Functionality-and-Integration-of-Passkeys-in-Microsoft-Environments\" >Functionality and Integration of Passkeys in Microsoft Environments<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#Implementing-Passkeys-in-Entra-ID\" >Implementing Passkeys in Entra ID<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#Setting-Up-and-Using-Passkeys-with-Windows-Hello\" >Setting Up and Using Passkeys with Windows Hello<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#Setting-Up-Passkeys-with-Windows-Hello\" >Setting Up Passkeys with Windows Hello<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#Configuring-Passkeys\" >Configuring Passkeys<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#Selecting-Sign-In-Methods-and-Storage\" >Selecting Sign-In Methods and Storage<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#Availability-and-Storage-of-Passkeys\" >Availability and Storage of Passkeys<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#Using-and-Managing-Passkeys\" >Using and Managing Passkeys<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#Managing-Passkeys-in-Windows-11\" >Managing Passkeys in Windows 11<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#Enhanced-Security-with-Windows-Hello-for-Business\" >Enhanced Security with Windows Hello for Business<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#Secure-Authentication-for-Enterprises\" >Secure Authentication for Enterprises<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#Setup-and-Management-in-Microsoft-Intune\" >Setup and Management in Microsoft Intune<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#Windows-Hello-User-Setup\" >Windows Hello: User Setup<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#Managing-Connected-Devices\" >Managing Connected Devices<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#Secure-Management-with-the-IAM-Solution-IDM-Portal\" >Secure Management with the IAM Solution IDM-Portal<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#More-about-FirstWare-IDM-Portal\" >More about FirstWare IDM-Portal<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Passkeys-versus-Passwords\"><\/span>Passkeys versus Passwords<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>While passwords have long been the standard, increasing security risks have led to a shift towards <strong>multi-factor authentication (MFA) and biometric solutions<\/strong>. <strong>Passkeys are the next step in this evolution<\/strong>, combining the benefits of biometrics and cryptographic methods.<\/p>\n<p>Passwords are vulnerable to phishing, brute-force attacks, and data leaks. Passkeys eliminate these vulnerabilities as they do not need to be transmitted or stored. For users, passkeys offer increased convenience as they can often be used with simple biometrics like fingerprint or facial recognition, without the need for complex passwords.<\/p>\n<p>If you want to know how to check password policies in an AD domain, read our article: <a href=\"https:\/\/firstware.com\/en\/blog\/check-password-rules\/\" target=\"_new\" rel=\"noopener\" data-start=\"911\" data-end=\"1015\">Check password rules in Active Directory<\/a>.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Functionality-and-Integration-of-Passkeys-in-Microsoft-Environments\"><\/span>Functionality and Integration of Passkeys in Microsoft Environments<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Passkeys can be seamlessly integrated into Microsoft environments such as Windows or Entra ID (formerly Azure AD) into existing authentication processes. Users register their device where the private key is securely stored. Upon login, the system presents a cryptographic challenge that the device signs with the private key, ensuring secure and fast authentication.<\/p>\n<p>This works equally well whether using multiple devices in the office, mobile, or working from home. For users, this means a simple and <strong>intuitive login that ends reliance on passwords<\/strong>. IT departments benefit from increased security and reduced support requests, as passwords no longer need to be reset or managed. Additionally, the risk of data theft is significantly minimized.<\/p>\n<p>Passkeys are a <strong>key technology for zero-trust strategies<\/strong>. Since no sensitive data is transmitted, they are immune to phishing attacks. Combined with multi-factor authentication (MFA), passkeys create a robust security architecture that protects both user accounts and corporate resources.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Implementing-Passkeys-in-Entra-ID\"><\/span>Implementing Passkeys in Entra ID<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Entra ID and thus Microsoft 365 are particularly well-suited for passkeys, as users often work with the system mobile and access services from multiple locations with different devices. The introduction of passkeys in Entra ID involves several steps:<\/p>\n<ol>\n<li><strong>Check prerequisites<\/strong>: Ensure your environment is FIDO2-compliant.<\/li>\n<li><strong>Configure Entra ID<\/strong>: Enable passwordless logins in authentication settings.<\/li>\n<li><strong>Register devices<\/strong>: Allow users to register compatible devices such as smartphones or security keys.<\/li>\n<li><strong>Train users<\/strong>: Educate your users about the use of passkeys.<\/li>\n<\/ol>\n<p>Successful implementation requires up-to-date software versions and a clear policy for use. IT administrators should also conduct regular audits to ensure passkeys are used correctly.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Setting-Up-and-Using-Passkeys-with-Windows-Hello\"><\/span>Setting Up and Using Passkeys with Windows Hello<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"Setting-Up-Passkeys-with-Windows-Hello\"><\/span>Setting Up Passkeys with Windows Hello<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Passkeys for Microsoft accounts are available and allow passwordless login to Microsoft 365 applications. With this method, users can forego traditional passwords and instead rely on the security of <a href=\"https:\/\/www.microsoft.com\/de-de\/windows\/tips\/windows-hello\" target=\"_blank\" rel=\"noopener\">Windows Hello<\/a> or a physical security key. <strong>Windows Hello<\/strong> supports, among other things, <strong>facial recognition<\/strong>, <strong>fingerprint scanners<\/strong>, or <strong>PIN codes<\/strong>, which can be directly linked to the Microsoft account. The setup differs slightly from the use of accounts from Entra ID and mainly concerns users who want to log in to their Windows PC with Windows Hello and integrate passkeys into the operating system. We will discuss the setup with Entra ID in more detail in a later section.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Configuring-Passkeys\"><\/span>Configuring Passkeys<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Configuring passkeys begins in the account settings of the Microsoft account. You can find these either via the user icon at the top right in Microsoft 365 or directly at &#8220;<em>account.microsoft.com<\/em>&#8220;. Make sure you are not logged into an Entra ID account. In this section, we will focus on implementing passkeys in Windows 11 without linking them to Entra ID.<\/p>\n<p>After logging in, go to the &#8220;security&#8221; section and select &#8220;additional security options.&#8221; Click on &#8220;manage how you sign in.&#8221; In the window, you will see the current sign-in options. You can add more sign-in services, for example, passkeys, with &#8220;add a new way to sign in or verify.&#8221;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Selecting-Sign-In-Methods-and-Storage\"><\/span>Selecting Sign-In Methods and Storage<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div id=\"attachment_47150\" style=\"width: 715px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-01.png\" data-rel=\"lightbox-image-0\" data-rl_title=\"\" data-rl_caption=\"\"><img decoding=\"async\" aria-describedby=\"caption-attachment-47150\" class=\"wp-image-47150\" title=\"\" src=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-01.png\" alt=\"Set up passkeys with Windows Hello\" width=\"705\" height=\"499\" srcset=\"https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-01.png 1398w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-01-300x212.png 300w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-01-1024x724.png 1024w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-01-768x543.png 768w\" sizes=\"(max-width: 705px) 100vw, 705px\" \/><\/a><p id=\"caption-attachment-47150\" class=\"wp-caption-text\">Set up passkeys with Windows Hello<\/p><\/div>\n<p>The dialog that appears offers a selection of several methods. Here, you choose &#8220;<em>facial recognition, fingerprint, PIN, or security key<\/em>.&#8221; Then the wizard that guides you through the configuration starts. The selection of options in the next window varies depending on the PC and its equipment. If a device supports fingerprint or facial recognition, these biometric methods will appear.<\/p>\n<div id=\"attachment_47152\" style=\"width: 829px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-02.png\" data-rel=\"lightbox-image-1\" data-rl_title=\"\" data-rl_caption=\"\"><img decoding=\"async\" aria-describedby=\"caption-attachment-47152\" class=\"wp-image-47152 \" title=\"\" src=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-02.png\" alt=\"Sign-in or verification options \" width=\"819\" height=\"544\" srcset=\"https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-02.png 1178w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-02-300x199.png 300w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-02-1024x680.png 1024w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-02-768x510.png 768w\" sizes=\"(max-width: 819px) 100vw, 819px\" \/><\/a><p id=\"caption-attachment-47152\" class=\"wp-caption-text\">Select different options to sign in with Windows Hello and passkeys<\/p><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Availability-and-Storage-of-Passkeys\"><\/span>Availability and Storage of Passkeys<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>By storing the passkey in the Microsoft account, it is <strong>available on all devices<\/strong> where you sign in with the same Microsoft account. You only need to go through the Windows Hello setup once and can then access all passkeys stored in the Microsoft account. Windows Hello also allows the storage of passkeys on mobile storage devices or smartphones linked to the PC. This storage option is shown by the setup wizard when such a device is connected to the PC.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Using-and-Managing-Passkeys\"><\/span>Using and Managing Passkeys<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Once the primary key or passkey has been added, a message appears, and you can use it to sign in in the future. For example, if you choose the &#8220;<em>iPhone, iPad, or Android device<\/em>&#8221; option, a QR code will appear that needs to be scanned with the smartphone. On the smartphone, you can then select which app to store the key in. This can be, for example, an <strong>authenticator app<\/strong> or, in the case of iPhones, the new &#8220;Passwords&#8221; app. After saving, the process is completed, and the sign-in option is saved in the Microsoft account.<\/p>\n<p>Through &#8220;additional security options,&#8221; you can convert the account to a passwordless account on the <em>account.microsoft.com<\/em> page if needed. After that, authentication will only work through Windows Hello, a passkey, or the authenticator app.<\/p>\n<div id=\"attachment_47154\" style=\"width: 1284px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-03.png\" data-rel=\"lightbox-image-2\" data-rl_title=\"\" data-rl_caption=\"\"><img decoding=\"async\" aria-describedby=\"caption-attachment-47154\" class=\"wp-image-47154 size-full\" title=\"\" src=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-03.png\" alt=\"Additional security options for passkeys\" width=\"1274\" height=\"426\" srcset=\"https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-03.png 1274w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-03-300x100.png 300w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-03-1024x342.png 1024w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-03-768x257.png 768w\" sizes=\"(max-width: 1274px) 100vw, 1274px\" \/><\/a><p id=\"caption-attachment-47154\" class=\"wp-caption-text\">Additional security options for passkeys<\/p><\/div>\n<p>After setting up the passkey, when users log into their Microsoft account, they click on the respective sign-in option they want to use in the login dialog. Besides username or password authentication, users can choose the option &#8220;<em>Use your face, fingerprint, PIN, or security key instead<\/em>&#8220;. By selecting this option, users can sign in with Windows Hello and use their Microsoft account from the cloud.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Managing-Passkeys-in-Windows-11\"><\/span>Managing Passkeys in Windows 11<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Regardless of where you use passkeys, you can manage the main keys in Windows 11, even for multiple services. An overview of the stored passkeys can be found in the Settings app under <em>Accounts =&gt; Main Keys<\/em>. They can be deleted here if no longer needed.<\/p>\n<div id=\"attachment_47158\" style=\"width: 812px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-04.png\" data-rel=\"lightbox-image-3\" data-rl_title=\"\" data-rl_caption=\"\"><img decoding=\"async\" aria-describedby=\"caption-attachment-47158\" class=\"wp-image-47158\" title=\"\" src=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-04.png\" alt=\"Overview of stored passkeys \" width=\"802\" height=\"501\" srcset=\"https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-04.png 1269w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-04-300x187.png 300w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-04-1024x640.png 1024w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-04-768x480.png 768w\" sizes=\"(max-width: 802px) 100vw, 802px\" \/><\/a><p id=\"caption-attachment-47158\" class=\"wp-caption-text\">Windows 11 offers integrated management of passkeys<\/p><\/div>\n<p>Windows 11 24H2 can synchronize the keys between multiple PCs if the same Microsoft account is used. You need to log in to the various PCs with the same Microsoft account. Set up passkey sign-in with Windows Hello as shown in this article, and Windows 11 24H2 will try to use Windows Hello with the corresponding settings when logging in with the Microsoft account on other PCs. Alternatively, a FIDO2 key can be used as storage and applied on multiple computers. This also works without Windows 11 24H2.<\/p>\n<p>With the advancement of passkeys in Windows 11 24H2, Microsoft is focusing on an optimized and more user-friendly solution for passwordless authentication. Building on the progress made so far, the new version offers additional features and extended compatibility with third-party solutions. With Windows 11 24H2, Microsoft supports passkeys from third parties, allowing users to use passkeys stored in Apple iCloud Keychain or other password managers directly in Windows.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Enhanced-Security-with-Windows-Hello-for-Business\"><\/span>Enhanced Security with Windows Hello for Business<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"Secure-Authentication-for-Enterprises\"><\/span>Secure Authentication for Enterprises<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Passkeys already form the foundation for secure, passwordless authentication in private and hybrid environments. <strong>Windows Hello for Business extends this technology to meet the specific needs of enterprises.<\/strong> This solution extends the features of Windows Hello with specific security and management options for corporate networks, Entra ID, and hybrid cloud environments.<\/p>\n<p>Windows Hello for Business enables seamless and passwordless authentication to Windows workstations, corporate resources, and cloud services. The solution combines biometric methods like facial recognition and fingerprint with hardware-based security, which relies on TPM (Trusted Platform Module) or virtual smart cards. This ensures that the information needed for authentication always remains local on the device, providing protection against transmission path attacks.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Setup-and-Management-in-Microsoft-Intune\"><\/span>Setup and Management in Microsoft Intune<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Configuring Windows Hello for Business is ideally done centrally through Microsoft Intune. Administrators first need to enable the use of passkeys in the respective Azure subscription via the Entra Admin Center.<\/p>\n<div id=\"attachment_47160\" style=\"width: 814px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-05-1.png\" data-rel=\"lightbox-image-4\" data-rl_title=\"\" data-rl_caption=\"\"><img decoding=\"async\" aria-describedby=\"caption-attachment-47160\" class=\"wp-image-47160\" title=\"\" src=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-05-1.png\" alt=\"Enable passkeys for Entra ID in the Entra Admin Center\" width=\"804\" height=\"466\" srcset=\"https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-05-1.png 1619w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-05-1-300x174.png 300w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-05-1-1024x593.png 1024w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-05-1-768x445.png 768w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-05-1-1536x890.png 1536w\" sizes=\"(max-width: 804px) 100vw, 804px\" \/><\/a><p id=\"caption-attachment-47160\" class=\"wp-caption-text\">Passkeys are enabled for Entra ID in the Entra Admin Center.<\/p><\/div>\n<p>IT administrators deploy and centrally manage security policies uniformly. In the Intune Admin Center, they enable the feature under &#8220;Devices -&gt; Enrollment -&gt; Windows Hello for Business&#8221; and set the option &#8220;Configure Windows Hello for Business&#8221; to &#8220;Enabled&#8221;.<\/p>\n<p>Under &#8220;<strong>Endpoint Security -&gt; Manage -&gt; Account Protection<\/strong>&#8220;, they create security policies. They select &#8220;Windows&#8221; as the platform and &#8220;Account Protection&#8221; as the profile type to configure PIN lengths, character types, and other security specifications in detail. They then assign the created policies to individual devices or user groups so that the settings take effect automatically.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Windows-Hello-User-Setup\"><\/span>Windows Hello: User Setup<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>After deploying the policies, the Windows Hello setup wizard starts on assigned devices when the user logs in. The wizard guides users through the process of biometric registration or setting a PIN. Users must set up registration on each device separately while the system automatically applies the specified security policies.<\/p>\n<p>After successful setup, users can access resources in the cloud or locally without needing to authenticate again. Login is done through Windows Hello or other configured methods such as the Authenticator app. Administrators can use Conditional Access when needed to require additional multi-factor authentication for specific actions or applications.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Managing-Connected-Devices\"><\/span>Managing Connected Devices<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Once a device is successfully registered, it becomes visible in the Intune Admin Center under &#8220;Devices&#8221;. Through the &#8220;Company Portal&#8221; app, users gain access to shared resources and applications or can retrieve information about their devices. This central management allows IT administrators to continuously monitor and adjust the security and compliance of all connected devices.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Secure-Management-with-the-IAM-Solution-IDM-Portal\"><\/span>Secure Management with the IAM Solution IDM-Portal<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>FirstAttribute AG&#8217;s IDM-Portal offers a user-friendly interface for <a href=\"https:\/\/firstware.com\/authorization\/\">Authorization Management<\/a>, enabling administrators to <strong>keep track of the management of access keys.<\/strong> In other words, companies can precisely control which devices and users should, can, or must use passkeys.<\/p>\n<div id=\"attachment_47324\" style=\"width: 778px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/Intune-Devices-im-IDM-Portal-verwalten-768x320-3.png\" data-rel=\"lightbox-image-5\" data-rl_title=\"\" data-rl_caption=\"\"><img decoding=\"async\" aria-describedby=\"caption-attachment-47324\" class=\"wp-image-47324 size-full\" title=\"\" src=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/Intune-Devices-im-IDM-Portal-verwalten-768x320-3.png\" alt=\"Manage Intune devices with the IDM-Portal\n\" width=\"768\" height=\"320\" srcset=\"https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/Intune-Devices-im-IDM-Portal-verwalten-768x320-3.png 768w, https:\/\/www.firstware.com\/wp-content\/uploads\/2025\/03\/Intune-Devices-im-IDM-Portal-verwalten-768x320-3-300x125.png 300w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/><\/a><p id=\"caption-attachment-47324\" class=\"wp-caption-text\">Manage Intune devices with the IDM-Portal<\/p><\/div>\n<p>Technically, the IDM-Portal establishes a <strong>direct connection to Intune<\/strong>. This allows administrative tasks to be carried out through an intuitive interface in the IDM-Portal and automatically synchronized in Intune. The IDM-Portal also automates a significant part of user management by automatically granting or revoking permissions based on changes in attributes, groups, or roles. This makes access key management not only more efficient but also fully secured.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"More-about-FirstWare-IDM-Portal\"><\/span>More about FirstWare IDM-Portal<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><img decoding=\"async\" class=\"alignleft wp-image-36704\" title=\"IDM-Portal Hybrid IAM Solution\" src=\"https:\/\/firstware.com\/wp-content\/uploads\/2021\/08\/IDM-Portal-Hybrid-IAM-Loesung-1.png\" alt=\"IDM-Portal Hybrid IAM Solution\" width=\"238\" height=\"199\" srcset=\"https:\/\/www.firstware.com\/wp-content\/uploads\/2021\/08\/IDM-Portal-Hybrid-IAM-Loesung-1.png 453w, https:\/\/www.firstware.com\/wp-content\/uploads\/2021\/08\/IDM-Portal-Hybrid-IAM-Loesung-1-300x250.png 300w\" sizes=\"(max-width: 238px) 100vw, 238px\" \/>The <a href=\"https:\/\/firstware.com\/\"> FirstWare IDM-Portal<\/a> by FirstAttribute is an integrated solution for identity and access management (IAM) that enables automated management of users and their permissions, whether on-premises or in the cloud.<\/p>\n<p>This portal integrates all aspects of identity and access management and enables centralized access to identity and directory services.<\/p>\n<p><a href=\"https:\/\/firstware.com\/kontakt\/\" target=\"_blank\" rel=\"noopener\"><button class=\"ButtonBeratung aligncenter\">Contact us<\/button><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A passkey is an authentication method based on the FIDO2 standard specification. Unlike traditional passwords, a passkey securely stores cryptographic [&hellip;]<\/p>\n","protected":false},"author":18,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1835,1836],"tags":[1995,1996],"class_list":["post-47028","post","type-post","status-publish","format-standard","hentry","category-authorization-management-en","category-compliance-en","tag-passkeys-en","tag-windows-hello-en"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Passkeys: The Future of Authentication - FirstWare IDM-Portal<\/title>\n<meta name=\"description\" content=\"Passkeys as a secure alternative to passwords: definition, integration in Windows and Entra ID and why they prevent phishing.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Passkeys: The Future of Authentication - FirstWare IDM-Portal\" \/>\n<meta property=\"og:description\" content=\"Passkeys as a secure alternative to passwords: definition, integration in Windows and Entra ID and why they prevent phishing.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/\" \/>\n<meta property=\"og:site_name\" content=\"FirstWare IDM-Portal\" \/>\n<meta property=\"og:image\" content=\"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-01.png\" \/>\n<meta name=\"author\" content=\"Elysabeth Yven\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Elysabeth Yven\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/passkeys-the-future-of-authentication\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/passkeys-the-future-of-authentication\\\/\"},\"author\":{\"name\":\"Elysabeth Yven\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#\\\/schema\\\/person\\\/1218d4546997de615b845bce65db7493\"},\"headline\":\"Passkeys: The Future of Authentication\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/passkeys-the-future-of-authentication\\\/\"},\"wordCount\":1942,\"publisher\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/passkeys-the-future-of-authentication\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/firstware.com\\\/wp-content\\\/uploads\\\/2025\\\/03\\\/passkey-windows-en-01.png\",\"keywords\":[\"Passkeys\",\"Windows Hello\"],\"articleSection\":[\"Authorization Management\",\"Compliance\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/passkeys-the-future-of-authentication\\\/\",\"url\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/passkeys-the-future-of-authentication\\\/\",\"name\":\"Passkeys: The Future of Authentication - FirstWare IDM-Portal\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/passkeys-the-future-of-authentication\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/passkeys-the-future-of-authentication\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/firstware.com\\\/wp-content\\\/uploads\\\/2025\\\/03\\\/passkey-windows-en-01.png\",\"description\":\"Passkeys as a secure alternative to passwords: definition, integration in Windows and Entra ID and why they prevent phishing.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/passkeys-the-future-of-authentication\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/passkeys-the-future-of-authentication\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/passkeys-the-future-of-authentication\\\/#primaryimage\",\"url\":\"https:\\\/\\\/firstware.com\\\/wp-content\\\/uploads\\\/2025\\\/03\\\/passkey-windows-en-01.png\",\"contentUrl\":\"https:\\\/\\\/firstware.com\\\/wp-content\\\/uploads\\\/2025\\\/03\\\/passkey-windows-en-01.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/passkeys-the-future-of-authentication\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Passkeys: The Future of Authentication\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/\",\"name\":\"FirstWare IDM-Portal\",\"description\":\"Identity and Autorization Management in M365 and Active Directory\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#organization\",\"name\":\"FirstWare IDM-Portal\",\"url\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.firstware.com\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/IDM-Portal.ico\",\"contentUrl\":\"https:\\\/\\\/www.firstware.com\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/IDM-Portal.ico\",\"width\":1,\"height\":1,\"caption\":\"FirstWare IDM-Portal\"},\"image\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#\\\/schema\\\/person\\\/1218d4546997de615b845bce65db7493\",\"name\":\"Elysabeth Yven\",\"url\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/author\\\/elysabeth-yven\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Passkeys: The Future of Authentication - FirstWare IDM-Portal","description":"Passkeys as a secure alternative to passwords: definition, integration in Windows and Entra ID and why they prevent phishing.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/","og_locale":"en_US","og_type":"article","og_title":"Passkeys: The Future of Authentication - FirstWare IDM-Portal","og_description":"Passkeys as a secure alternative to passwords: definition, integration in Windows and Entra ID and why they prevent phishing.","og_url":"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/","og_site_name":"FirstWare IDM-Portal","og_image":[{"url":"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-01.png","type":"","width":"","height":""}],"author":"Elysabeth Yven","twitter_misc":{"Written by":"Elysabeth Yven","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#article","isPartOf":{"@id":"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/"},"author":{"name":"Elysabeth Yven","@id":"https:\/\/www.firstware.com\/en\/#\/schema\/person\/1218d4546997de615b845bce65db7493"},"headline":"Passkeys: The Future of Authentication","mainEntityOfPage":{"@id":"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/"},"wordCount":1942,"publisher":{"@id":"https:\/\/www.firstware.com\/en\/#organization"},"image":{"@id":"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#primaryimage"},"thumbnailUrl":"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-01.png","keywords":["Passkeys","Windows Hello"],"articleSection":["Authorization Management","Compliance"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/","url":"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/","name":"Passkeys: The Future of Authentication - FirstWare IDM-Portal","isPartOf":{"@id":"https:\/\/www.firstware.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#primaryimage"},"image":{"@id":"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#primaryimage"},"thumbnailUrl":"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-01.png","description":"Passkeys as a secure alternative to passwords: definition, integration in Windows and Entra ID and why they prevent phishing.","breadcrumb":{"@id":"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#primaryimage","url":"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-01.png","contentUrl":"https:\/\/firstware.com\/wp-content\/uploads\/2025\/03\/passkey-windows-en-01.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.firstware.com\/en\/blog\/passkeys-the-future-of-authentication\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/www.firstware.com\/en\/"},{"@type":"ListItem","position":2,"name":"Passkeys: The Future of Authentication"}]},{"@type":"WebSite","@id":"https:\/\/www.firstware.com\/en\/#website","url":"https:\/\/www.firstware.com\/en\/","name":"FirstWare IDM-Portal","description":"Identity and Autorization Management in M365 and Active Directory","publisher":{"@id":"https:\/\/www.firstware.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.firstware.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.firstware.com\/en\/#organization","name":"FirstWare IDM-Portal","url":"https:\/\/www.firstware.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.firstware.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.firstware.com\/wp-content\/uploads\/2019\/06\/IDM-Portal.ico","contentUrl":"https:\/\/www.firstware.com\/wp-content\/uploads\/2019\/06\/IDM-Portal.ico","width":1,"height":1,"caption":"FirstWare IDM-Portal"},"image":{"@id":"https:\/\/www.firstware.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.firstware.com\/en\/#\/schema\/person\/1218d4546997de615b845bce65db7493","name":"Elysabeth Yven","url":"https:\/\/www.firstware.com\/en\/blog\/author\/elysabeth-yven\/"}]}},"_links":{"self":[{"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/posts\/47028","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/users\/18"}],"replies":[{"embeddable":true,"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/comments?post=47028"}],"version-history":[{"count":0,"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/posts\/47028\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/media?parent=47028"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/categories?post=47028"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/tags?post=47028"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}