← Back
Microsoft Entra ID: Retirement of duplicative properties in passkey (FIDO2) authentication methods policy
MC1188230 · build prod-20251231-200323
Category
planForChange
Severity
normal
Major change
True
Last modified
2025-11-19 23:34:30
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
2027-10-14 07:00:00
Action by (AI)
Services
Microsoft Entra
Tags
Retirement
Master tags
Admin, Security
Roadmap IDs

One-line summary

FIDO2 API properties isAttestationEnforced and keyRestrictions will be retired Oct-Nov 2027; update automations and integrations to use new passkey policy schema.

Similar updates

More like this

Details

Summary
Starting October to November 2027, Microsoft will retire the isAttestationEnforced and keyRestrictions properties from the fido2AuthenticationMethodConfiguration API. These will sync with new properties in the updated passkey policy API schema during transition. Admins must update configurations, automations, and integrations accordingly.

Body (from Message Center)

Introduction

Starting October 2027 and ending November 2027, we will retire the isAttestationEnforced and keyRestrictionsproperties from the existing fido2AuthenticationMethodConfiguration API schema. This change aligns with the latest update to the passkey policy API schema, which introduces support for granular group-based configurations with passkey profiles.

During the retirement period, isAttestationEnforced and keyRestrictions will remain in sync with their counterparts attestationEnforcement and keyRestrictions within the Default passkey profile.

When this will happen 

Retirement begins in mid-October 2027 and is expected to complete by early November 2027.

How this affects your organization:

You are receiving this message because our reporting indicates your organization may be using this feature.

Who is affected: Admins managing FIDO2 authentication configurations and any custom automations or third-party integrations using these properties.

What will happen

  • isAttestationEnforced and keyRestrictions properties will be retired.
  • New properties are available in the updated passkey policy API schema.
  • Existing properties will sync with new ones during the transition period.
  • Automations or integrations using retired properties will stop working after the change.

What you can do to prepare

  • Review your current configuration.
  • Update any custom automations and third-party integrations to support the new schema.
  • Notify your admins and update internal documentation.

Screenshot - The read arrows indicate the properties to be retired:

user settings

Learn more: fido2AuthenticationMethodConfiguration resource type | Microsoft Graph | Microsoft Learn

Compliance considerations:

No compliance considerations identified, review as appropriate for your organization.

Raw JSON (for debugging)

Expand/collapse the full payload below.
Show/hide raw
{
  "snapshot_item": {
    "action_required_by": "2027-10-14T07:00:00Z",
    "ai_action_required_by": null,
    "ai_actions": [
      "Review FIDO2 configurations",
      "Update automations and integrations",
      "Notify admins",
      "Update documentation"
    ],
    "ai_master_tags": [
      "Admin",
      "Security"
    ],
    "ai_model": "gpt-4.1",
    "ai_summary": "FIDO2 API properties isAttestationEnforced and keyRestrictions will be retired Oct-Nov 2027; update automations and integrations to use new passkey policy schema.",
    "ai_topics": [
      "Entra"
    ],
    "category": "planForChange",
    "details_map": {
      "Summary": "Starting October to November 2027, Microsoft will retire the isAttestationEnforced and keyRestrictions properties from the fido2AuthenticationMethodConfiguration API. These will sync with new properties in the updated passkey policy API schema during transition. Admins must update configurations, automations, and integrations accordingly."
    },
    "id": "MC1188230",
    "importance": 4,
    "is_major_change": true,
    "last_modified": "2025-11-19T23:34:30Z",
    "ms_products": [
      "Entra"
    ],
    "platforms": null,
    "roadmap_ids": [],
    "services": [
      "Microsoft Entra"
    ],
    "severity": "normal",
    "tags": [
      "Retirement"
    ],
    "title": "Microsoft Entra ID: Retirement of duplicative properties in passkey (FIDO2) authentication methods policy"
  }
}