一键导入
passkeys-fido2
Guidance for rolling out passkeys (device-bound and synced) and FIDO2 security keys in Microsoft Entra ID as the primary phishing-resistant authentication method. Covers passkey types (device-bound in Microsoft Authenticator, synced passkeys via platform providers, hardware security keys), Conditional Access authentication strength, registration campaigns, Temporary Access Pass (TAP) bootstrapping, lifecycle (lost device, attestation), Conditional Access requiring phishing-resistant MFA, decommissioning legacy methods (SMS, voice, weaker app push), and integration with Windows Hello for Business. WHEN: passkey rollout, FIDO2 keys, phishing-resistant MFA, Microsoft Authenticator passkey, device-bound passkey, synced passkey, Temporary Access Pass, TAP, Conditional Access authentication strength, kill SMS MFA, retire voice MFA, passwordless rollout, FIDO2 attestation, security key registration. DO NOT USE for general CA policy authoring (use conditional-access-mfa), Windows desktop sign-in design end-to-end (us
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。