Microsoft is introducing Entra passkeys to Windows – so tough luck if your device is jailbroken, as your credentials will soon be gone forever

Microsoft is making signing in easier and more secure

News By Benedict Collins published 12 March 2026

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Threads
• Email

Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter

Get the TechRadar Newsletter

Sign up for breaking news, reviews, opinion, top tech deals, and more.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

An account already exists for this email address, please log in. Subscribe to our newsletter

• BYOD policies just got more secure with Entra passkeys for Windows Hello
• Windows devices will more resistant to phishing and credential stuffing
• Microsoft Authenticator is scanning for rooted and jailbroken devices

Windows devices are getting native passkey support thanks to the rollout of Microsoft Entra passkeys to all supported devices. By making use of Windows Hello, users can use their facial scan, fingerprint, or PIN as a local authenticator.

The move allows employees making use of bring-your-own-device (BYOD) policies to secure their work accounts without handing over full device management to their company.

But Microsoft Authenticator is on the hunt for rooted and jailbroken devices, and will wipe your Entra credentials from the face of the earth.

Article continues below

Entra passkeys is now easier and more secure

“We're introducing Microsoft Entra passkeys on Windows to enable phishing-resistant sign-in to Entra-protected resources. This update allows users to create device‑bound passkeys stored in the Windows Hello container and authenticate using Windows Hello methods (face, fingerprint, or PIN),” Microsoft announced.

This new passkey-friendly experience does away with passwords altogether, helping to protect against traditional phishing and credential stuffing attacks. The FIDO2 private key required to access your account is stored securely in a Trusted Platform Module or secure enclave on your device, meaning they cannot be transmitted from the device over a network.

Microsoft Entra on Windows devices is currently opt-in and will enter public preview around mid-March to late April 2026. To enroll, IT administrators need to do the following:

1. Enable the Passkeys (FIDO2) authentication method in the Entra Authentication Methods policies
2. Create a passkey profile with the required Windows Hello AAGUIDs
3. Assign the profile to the appropriate groups

Cracked devices will be wiped

It’s not all good news though. Microsoft Authenticator is now scanning for jailbroken or rooted devices, and will warn, block, and then automatically wipe Entra credentials from devices it deems unworthy.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors