From 5bf4e5ce58d9308ee92bce950d4b6a4366d7c5e0 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 15 May 2025 11:04:32 -0400 Subject: [PATCH 1/5] added note for Entra ID passkeys support on windows. --- windows/security/identity-protection/passkeys/index.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/passkeys/index.md b/windows/security/identity-protection/passkeys/index.md index aef59bf2b1..744c417108 100644 --- a/windows/security/identity-protection/passkeys/index.md +++ b/windows/security/identity-protection/passkeys/index.md @@ -41,9 +41,12 @@ Passkeys have several advantages over passwords, including their ease of use and By default, Windows offers to save the passkey locally on the **Windows device**, in which case the passkey is protected by Windows Hello (biometrics and PIN). You can also choose to save the passkey in one of the following locations: -- **iPhone, iPad or Android device**: the passkey is saved on a phone or tablet, protected by the device's biometrics, if offered by the device. This option requires you to scan a QR code with your phone or tablet, which must be in proximity of the Windows device -- **Linked device**: the passkey is saved on a phone or tablet, protected by the device's biometrics, if offered by the device. This option requires the linked device to be in proximity of the Windows device, and it's only supported for Android devices -- **Security key**: the passkey is saved to a FIDO2 security key, protected by the key's unlock mechanism (for example, biometrics or PIN) +- **iPhone, iPad or Android device**: the passkey is saved on a phone or tablet, protected by the device's biometrics, if offered by the device. This option requires you to scan a QR code with your phone or tablet, which must be in proximity of the Windows device. +- **Linked device**: the passkey is saved on a phone or tablet, protected by the device's biometrics, if offered by the device. This option requires the linked device to be in proximity of the Windows device, and it's only supported for Android devices. +- **Security key**: the passkey is saved to a FIDO2 security key, protected by the key's unlock mechanism (for example, biometrics or PIN). + +>[!NOTE] +>Micorsoft Entra ID passkeys on Windows aren't currently supported. To learn see [Passkey authentication matrix with Microsoft Entra ID](/entra/identity/authentication/concept-fido2-compatibility). Pick one of the following options to learn how to save a passkey, based on where you want to store it. From f032707cdcc4d26e60baab3b93c645ec5d6e466e Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 15 May 2025 11:19:01 -0400 Subject: [PATCH 2/5] update note --- windows/security/identity-protection/passkeys/index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/passkeys/index.md b/windows/security/identity-protection/passkeys/index.md index 744c417108..a36ef84413 100644 --- a/windows/security/identity-protection/passkeys/index.md +++ b/windows/security/identity-protection/passkeys/index.md @@ -46,7 +46,9 @@ By default, Windows offers to save the passkey locally on the **Windows device** - **Security key**: the passkey is saved to a FIDO2 security key, protected by the key's unlock mechanism (for example, biometrics or PIN). >[!NOTE] ->Micorsoft Entra ID passkeys on Windows aren't currently supported. To learn see [Passkey authentication matrix with Microsoft Entra ID](/entra/identity/authentication/concept-fido2-compatibility). +>Currently, Micorsoft Entra ID passkeys can't be stored on Windows devices. To learn more, see [Passkey authentication matrix with Microsoft Entra ID](/entra/identity/authentication/concept-fido2-compatibility). + +Microsoft Entra ID currently supports only device-bound passkeys stored on FIDO2 security keys or in Microsoft Authenticator Pick one of the following options to learn how to save a passkey, based on where you want to store it. From 145b1f0d148b5a0d3d20af27002b2ab86a511df3 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 15 May 2025 11:19:32 -0400 Subject: [PATCH 3/5] update --- windows/security/identity-protection/passkeys/index.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/identity-protection/passkeys/index.md b/windows/security/identity-protection/passkeys/index.md index a36ef84413..0bdc20e1d0 100644 --- a/windows/security/identity-protection/passkeys/index.md +++ b/windows/security/identity-protection/passkeys/index.md @@ -48,8 +48,6 @@ By default, Windows offers to save the passkey locally on the **Windows device** >[!NOTE] >Currently, Micorsoft Entra ID passkeys can't be stored on Windows devices. To learn more, see [Passkey authentication matrix with Microsoft Entra ID](/entra/identity/authentication/concept-fido2-compatibility). -Microsoft Entra ID currently supports only device-bound passkeys stored on FIDO2 security keys or in Microsoft Authenticator - Pick one of the following options to learn how to save a passkey, based on where you want to store it. #### [:::image type="icon" source="images/laptop.svg" border="false"::: **Windows device**](#tab/windows) From 10bdef78ca7f8dadc8091c387f41bb3e323bea74 Mon Sep 17 00:00:00 2001 From: Ruchika Mittal Date: Thu, 15 May 2025 21:06:01 +0530 Subject: [PATCH 4/5] acro fix --- windows/security/identity-protection/passkeys/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/passkeys/index.md b/windows/security/identity-protection/passkeys/index.md index 0bdc20e1d0..d90b5222d4 100644 --- a/windows/security/identity-protection/passkeys/index.md +++ b/windows/security/identity-protection/passkeys/index.md @@ -46,7 +46,7 @@ By default, Windows offers to save the passkey locally on the **Windows device** - **Security key**: the passkey is saved to a FIDO2 security key, protected by the key's unlock mechanism (for example, biometrics or PIN). >[!NOTE] ->Currently, Micorsoft Entra ID passkeys can't be stored on Windows devices. To learn more, see [Passkey authentication matrix with Microsoft Entra ID](/entra/identity/authentication/concept-fido2-compatibility). +>Currently, Microsoft Entra ID passkeys can't be stored on Windows devices. To learn more, see [Passkey authentication matrix with Microsoft Entra ID](/entra/identity/authentication/concept-fido2-compatibility). Pick one of the following options to learn how to save a passkey, based on where you want to store it. @@ -396,4 +396,4 @@ To provide feedback for passkeys, open [**Feedback Hub**][FHUB] and use the cate [CSP-5]: /windows/client-management/mdm/policy-csp-bluetooth#servicesallowedlist [CSP-6]: /windows/client-management/mdm/policy-csp-deviceinstallation#preventinstallationofmatchingdeviceids [CSP-7]: /windows/client-management/mdm/policy-csp-deviceinstallation -[CSP-8]: /windows/client-management/mdm/policy-csp-bluetooth \ No newline at end of file +[CSP-8]: /windows/client-management/mdm/policy-csp-bluetooth From 87ece4b800ddcc9a9008283640c8182e3c4ccff7 Mon Sep 17 00:00:00 2001 From: Ruchika Mittal Date: Thu, 15 May 2025 21:10:46 +0530 Subject: [PATCH 5/5] typo fix --- windows/security/identity-protection/passkeys/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/passkeys/index.md b/windows/security/identity-protection/passkeys/index.md index d90b5222d4..150f18ac34 100644 --- a/windows/security/identity-protection/passkeys/index.md +++ b/windows/security/identity-protection/passkeys/index.md @@ -391,7 +391,7 @@ To provide feedback for passkeys, open [**Feedback Hub**][FHUB] and use the cate [CSP-1]: /windows/client-management/mdm/policy-csp-bluetooth#allowadvertising [CSP-2]: /windows/client-management/mdm/policy-csp-bluetooth#allowdiscoverablemode -[CSP-3]: /windows/client-management/mdm/policy-csp-bluetooth#allowprepairing +[CSP-3]: /windows/client-management/mdm/policy-csp-bluetooth#allowpreparing [CSP-4]: /windows/client-management/mdm/policy-csp-bluetooth#allowpromptedproximalconnections [CSP-5]: /windows/client-management/mdm/policy-csp-bluetooth#servicesallowedlist [CSP-6]: /windows/client-management/mdm/policy-csp-deviceinstallation#preventinstallationofmatchingdeviceids