Fabian BaderMicrosoft just announced official support to store device bound Passkeys for Entra ID in the Windows Hello container. No app, no external hardware key but built in support. Sadly no attestation while in preview.
MC1247893 - Microsoft Entra passkeys on Windows now support phishing-resistant sign-in | Microsoft 365 Message Center Archive
Microsoft Entra passkeys on Windows enable phishing-resistant, passwordless sign-in using Windows Hello on Entra-protected resources, including unmanaged devices. Public preview starts mid-March 2026. Organizations must opt in and configure policies to enable this feature; no impact occurs without activation.
THE Matt