Can you add an Apple Passkey security key to a non-personal Microsoft account?

Question

Hi,

I’m trying to add an Apple Passkey security key to my business Microsoft account (I have setup all the settings in Azure Active Directory, etc.) but every time I go to set it up, I get to the part where I have to name the key, and whenever I press “Next” which will save the key to the account, it just says it can’t be done and to try again. I’ve gone through all the help articles, and I know it’s not on the list of supported security keys, however, it works when I’m adding it to other tenants such as all of my personal Microsoft accounts, just not this particular tenant.

Is this just a temporary limitation of non-personal accounts, or is there something in the AAD settings I’m missing?

I’ve been troubleshooting this for some time now with multiple Microsoft Support agents, trying everything we can all think of to no avail.

Thanks.

Answer 1

Hello @Christopher Malone and thanks for reaching out. Apple Passkey (multi-device passkeys) is not yet supported in Azure AD. It's very possible that we will support it in a future, however no plans have been announced yet. In the meantime, for MacOS, we recommend using single-device passkeys, aka FIDO2 security keys, as a phish resistant auth method.

Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

Answer 2

Very weird that we can't add the apple passkey directly and it fails out when naming the passkey. However, it's now possible to add an apple or android device as a passkey, but strangely the passkey must be stored in the Microsoft authenticator app instead of the iphone itself. Strange design decision, but at least it works now https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-enable-authenticator-passkey#enable-passkeys-in-authenticator-in-the-admin-center