Passwords are the leading cause of identity-based breaches, not because we lack alternatives, but because most alternatives introduce friction that kills adoption. Passkeys fundamentally change that equation, and Microsoft Entra's implementation is now mature enough to deploy at scale. This is not a future-state conversation. It is happening now, and it is worth getting right.

This session covers passkeys end-to-end: The FIDO2 and WebAuthn standards underneath them, how Entra handles registration, authentication, and credential binding, and where the platform still has rough edges you need to plan around. We'll walk through the full lifecycle, from onboarding flows and Temporary Access Pass bootstrapping to cross-platform behavior, Conditional Access enforcement, and what happens when a device is lost or replaced. There will be demos, there will be architecture, and there will be strong opinions backed by real-world experience.

Attendees will leave with a clear architectural understanding of how passkeys work in Entra, an honest view of current limitations, and a practical framework for planning a passwordless transition that holds up in production, not just in a test tenant.

Level 300, assumes familiarity with Microsoft Entra ID, authentication methods policy, and Conditional Access fundamentals.