Skip to Content

MC1188230: Retirement of duplicative properties in passkey (FIDO2) authentication methods policy

By: Author Alex Lim

Posted on

Categories Update

Home » Update » MC1188230: Retirement of duplicative properties in passkey (FIDO2) authentication methods policy

Summary

  • The properties `isAttestationEnforced` and `keyRestrictions` will be retired from the `fido2AuthenticationMethodConfiguration API` schema.
  • New properties are introduced in the updated passkey policy API schema, which allows for group-based configurations.
  • During the transition, existing properties will sync with the new ones.
  • Automations or integrations relying on the retired properties will stop functioning after the change.
  • Review configurations and update any custom automations and documentation accordingly.

Admin Impact: Medium
User Impact: Low
Release Start: 01 Oct 2027
Release End: 01 Nov 2027
Services: Entra
Category: Plan for change
Tags: Retirement

History

11/19/2025 Item Added to Message Center

Microsoft Message

Introduction

Starting October 2027 and ending November 2027, we will retire the isAttestationEnforced and keyRestrictionsproperties from the existing fido2AuthenticationMethodConfiguration API schema. This change aligns with the latest update to the passkey policy API schema, which introduces support for granular group-based configurations with passkey profiles.

During the retirement period, isAttestationEnforced and keyRestrictions will remain in sync with their counterparts attestationEnforcement and keyRestrictions within the Default passkey profile.

When this will happen

Retirement begins in mid-October 2027 and is expected to complete by early November 2027.

How this affects your organization

You are receiving this message because our reporting indicates your organization may be using this feature.

Who is affected: Admins managing FIDO2 authentication configurations and any custom automations or third-party integrations using these properties.

What will happen

  • isAttestationEnforced and keyRestrictions properties will be retired.
  • New properties are available in the updated passkey policy API schema.
  • Existing properties will sync with new ones during the transition period.
  • Automations or integrations using retired properties will stop working after the change.

What you can do to prepare

  • Review your current configuration.
  • Update any custom automations and third-party integrations to support the new schema.
  • Notify your admins and update internal documentation.

Learn more: fido2AuthenticationMethodConfiguration resource type | Microsoft Graph | Microsoft Learn

Compliance considerations

No compliance considerations identified, review as appropriate for your organization.