Microsoft will improve how Conditional Access policies are enforced in Microsoft Entra ID starting March 27, 2026. This change addresses a security loophole in which policies targeting all resources with specific exclusions could be bypassed in certain authentication scenarios. The rollout continues through June 2026 and forms part of Microsoft's Secure Future Initiative. Because these sign-ins will no longer bypass Conditional Access, users may now be required to complete MFA, meet device compliance requirements, or satisfy other configured Conditional Access controls, such as approved apps, app protection policies, or authentication strength, before accessing the resource.

Source

Starting March 2026, Microsoft Entra ID will introduce passkey profiles and synced passkeys to general availability, enabling group-based authentication configurations with granular control over device-bound and synced passkeys. Microsoft will automatically enable passkey profiles for tenants that don't opt in during the initial rollout, with existing settings preserved to maintain their current security posture.

Source

Microsoft will enforce multi-factor authentication (MFA) for all users signing in to the Microsoft 365 admin center starting February 9, 2026. This critical security measure aims to prevent unauthorized access to administrative accounts that manage tenant configurations, user provisioning, and compliance settings.

Source

Microsoft Entra ID introduces synced passkeys to simplify multi-factor authentication and reduce the security risks associated with traditional methods such as passwords and SMS codes. This feature, announced at Microsoft Ignite 2025, enables users to authenticate with biometrics or device PINs without entering passwords when syncing credentials across devices via cloud-based passkey providers. The implementation also includes high-assurance account recovery using government-issued ID verification to restore access when users lose all authentication methods.

Source