Skip to main content
Run any Skill in Manus
with one click

passkeys-fido2

Stars158
Forks34
UpdatedJune 18, 2026 at 15:39

Guidance for rolling out passkeys (device-bound and synced) and FIDO2 security keys in Microsoft Entra ID as the primary phishing-resistant authentication method. Covers passkey types (device-bound in Microsoft Authenticator, synced passkeys via platform providers, hardware security keys), Conditional Access authentication strength, registration campaigns, Temporary Access Pass (TAP) bootstrapping, lifecycle (lost device, attestation), Conditional Access requiring phishing-resistant MFA, decommissioning legacy methods (SMS, voice, weaker app push), and integration with Windows Hello for Business. WHEN: passkey rollout, FIDO2 keys, phishing-resistant MFA, Microsoft Authenticator passkey, device-bound passkey, synced passkey, Temporary Access Pass, TAP, Conditional Access authentication strength, kill SMS MFA, retire voice MFA, passwordless rollout, FIDO2 attestation, security key registration. DO NOT USE for general CA policy authoring (use conditional-access-mfa), Windows desktop sign-in design end-to-end (us

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

SKILL.md
readonly