This article addresses frequently asked questions about synced passkeys. Keep checking back for updated content.
What are the benefits of synced passkeys?
Synced passkeys stored in native and third-party passkey providers that already exist on users' devices solve many of the hard issuance and management problems associated with a separate authentication device. The fact that the passkey can sync between the user's client devices and the cloud massively reduces the recoverability and reissuance costs associated with device-bound passkeys. We expect this combination of benefits will make synced passkeys the best option for most users and organizations.
How can I do a staged rollout of synced passkeys?
You can leverage passkey profiles to scope the rollout of synced passkeys to select user groups. Microsoft recommends the use of device-bound passkeys for admins and highly privileged users, and the use of synced passkeys for all users with non-admin permissions in your organization.
As an admin, can I revoke the use of a passkey?
Yes. Admins can leverage the per-user authentication methods UX or API to delete the passkey from a user's Microsoft Entra ID account.
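The API route described above, as an added example that is not part of the original article: a script using the Microsoft Graph PowerShell SDK to list a user's registered passkeys and delete one of them. The parameter names `$UserId` and `$PasskeyName` are placeholders chosen for this example, and it assumes the signed-in admin can consent to the `UserAuthenticationMethod.ReadWrite.All` scope.

```powershell
# Added example (not from the article): revoke one passkey on a user's
# Microsoft Entra ID account through the authentication methods API.
# Requires the Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.SignIns).
param(
    # Placeholder inputs (assumptions for this example):
    [Parameter(Mandatory)] [string] $UserId,       # UPN or object ID of the user
    [Parameter(Mandatory)] [string] $PasskeyName   # display name of the passkey to revoke
)

# Sign in with a scope that allows reading and deleting authentication methods.
Connect-MgGraph -Scopes 'UserAuthenticationMethod.ReadWrite.All'

# List every passkey (FIDO2) method registered for the user so the
# admin can see what is on the account before removing anything.
$passkeys = @(Get-MgUserAuthenticationFido2Method -UserId $UserId)
$passkeys | Format-Table Id, DisplayName, Model, AaGuid, CreatedDateTime | Out-Host

# Match on the exact display name and refuse to guess when zero or
# several passkeys match, so the wrong credential is never deleted.
$targets = @($passkeys | Where-Object { $_.DisplayName -eq $PasskeyName })
if ($targets.Count -ne 1) {
    throw "Expected exactly one passkey named '$PasskeyName' for $UserId, found $($targets.Count)."
}
$targetId = $targets[0].Id

# Delete the passkey registration; -Confirm prompts before the change is made.
Remove-MgUserAuthenticationFido2Method -UserId $UserId `
    -Fido2AuthenticationMethodId $targetId -Confirm

# Re-read the user's methods to verify that the passkey is gone.
$stillThere = @(Get-MgUserAuthenticationFido2Method -UserId $UserId |
    Where-Object { $_.Id -eq $targetId })
if ($stillThere.Count -eq 0) {
    Write-Output "Passkey '$PasskeyName' removed from $UserId."
} else {
    Write-Warning "Passkey '$PasskeyName' is still registered for $UserId."
}
```

The deletion removes the registration from the account, so Microsoft Entra ID no longer accepts that passkey; the copy held by the user's passkey provider is not touched.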