I have a question about the passwordless authentication method provided by Microsoft.
According to the docs (https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-passwordless), the passwordless method is divided into three modes: Platform, Software, and Hardware.
Among them, what's the difference between the platform and software mode?
- Does the software mode only apply when using a separate authentication app (e.g., MS Authenticator app) as in the example? Or should apps (e.g., banking apps) or password management ecosystems (e.g., Google password managers) that include self-authentication processes be considered in software mode?
- It seems that biometric authentication of platform mode is also utilized in software mode, but why is it classified as software mode rather than platform mode?
- What are the definitions and specific differences of platform mode, software mode, and hardware mode? (If you have any data to refer to, let me know)
- For cross-platform passkey authentication using QR code and Bluetooth, which mode does it fall into: Platform, Software, or Hardware, and why?
- Do Platform mode/Software mode/Hardware mode all use a secure area such as TPM to store the private key and use the WebAuthn standard? In other words, do all three modes use the FIDO2 passkey?
- When doing passwordless authentication via the MS Authenticator app mentioned in the above docs (not "Enable passkeys in Microsoft Authenticator (preview)"), does it use a passkey? If it does, is the passkey stored in a secure area (e.g. TEE)?
Thank you for your help.