Setup passkeys as MFA method for password less sign in
Setup passkeys as MFA method for passwordless sign-in
This guide helps end users register a passkey for their Microsoft work or school account.
It is written for users, not tenant administrators.
What is a passkey
A passkey is a phishing-resistant authentication method based on FIDO2 standards. Depending on your organization's policy, the passkey can be:
- stored in Microsoft Authenticator
- stored on a hardware security key
- stored by a supported platform or passkey provider
Before you begin
You need:
- a Microsoft work or school account
- permission from your IT team to use passkeys
- a supported device and browser
- Microsoft Authenticator if your organization uses Authenticator-based passkeys
- a recently completed MFA challenge or a Temporary Access Pass if your IT team provided one
Recommended sign-in portal
Use:
https://mysignins.microsoft.com
Then open Security info.
Typical registration flow
- Sign in to My Sign-Ins
- Open Security info
- Select Add sign-in method
- Choose the passkey option allowed by your organization
- Follow the prompts on your device
- Complete the biometric or device verification
- Finish registration and test sign-in
Best practices for users
- register at least one backup sign-in method
- do not remove your existing MFA method until testing is complete
- if possible, register more than one strong method
- test the new sign-in method immediately after setup
Summary
Passkeys provide a modern, phishing-resistant, passwordless sign-in option for Microsoft work and school accounts.