| title | passkeyProfile resource type |
|---|---|
| description | Profile that enables granular, group-based control over passkey configurations for the Passkeys (FIDO2) authentication method policy. |
| author | hanki71 |
| ms.date | 09/25/2025 |
| ms.localizationpriority | medium |
| ms.subservice | entra-sign-in |
| doc_type | resourcePageType |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Configuration profile for Passkeys (FIDO2) Authentication Method policy that allows for granular, group-based control over passkey configurations.
Inherits from entity.
No methods are supported.
| Property | Type | Description |
|---|---|---|
| attestationEnforcement | attestationEnforcement | Determines whether attestation must be enforced for FIDO2 passkey registration. Required. The possible values are: disabled, registrationOnly, unknownFutureValue. |
| id | String | The passkey profile identifier. Required. Inherited from entity. |
| keyRestrictions | fido2KeyRestrictions | Controls whether key restrictions are enforced on FIDO2 passkeys, either allowing or disallowing certain key types as defined by Authenticator Attestation GUID (AAGUID), an identifier that indicates the type (for example, make and model) of the authenticator. Required. |
| name | String | Name of the passkey profile. Required. |
| passkeyTypes | passkeyTypes | Specifies which types of passkeys are targeted in this passkey profile. Required. The possible values are: deviceBound, synced, unknownFutureValue. |
None.
The following JSON representation shows the resource type.
```json
{
  "@odata.type": "#microsoft.graph.passkeyProfile",
  "id": "String (identifier)",
  "name": "String",
  "passkeyTypes": "String",
  "attestationEnforcement": "String",
  "keyRestrictions": {
    "@odata.type": "microsoft.graph.fido2KeyRestrictions"
  }
}
```
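The following Python check is an added example, not part of the original reference or Microsoft's own code. It audits passkeyProfile objects against the required properties and enum values in the property table and flags settings that weaken registration. The `isEnforced` field of `keyRestrictions` and the comma-separated form of `passkeyTypes` are assumptions not documented on this page, and the sample profiles are constructed.

```python
import json

# Enum values and required properties, taken from the property table above.
ATTESTATION = {"disabled", "registrationOnly", "unknownFutureValue"}
PASSKEY_TYPES = {"deviceBound", "synced", "unknownFutureValue"}
REQUIRED = ("id", "name", "passkeyTypes", "attestationEnforcement", "keyRestrictions")


def audit_passkey_profile(profile):
    """Return a list of findings for one passkeyProfile object."""
    findings = [f"missing required property: {p}"
                for p in REQUIRED if profile.get(p) in (None, "", {})]

    att = profile.get("attestationEnforcement")
    if att and att not in ATTESTATION:
        findings.append(f"unknown attestationEnforcement value: {att}")
    elif att == "disabled":
        findings.append("attestation is not enforced at registration")

    # Assumption: several passkey types arrive as one comma-separated string.
    raw = str(profile.get("passkeyTypes") or "")
    types = {t.strip() for t in raw.split(",") if t.strip()}
    findings += [f"unknown passkeyTypes value: {t}"
                 for t in sorted(types - PASSKEY_TYPES)]

    # Assumption: isEnforced is a fido2KeyRestrictions property (not on this page).
    kr = profile.get("keyRestrictions") or {}
    if kr.get("isEnforced") is False:
        findings.append("key restrictions are not enforced")
    elif kr.get("isEnforced") and att == "disabled":
        # Without attestation the AAGUID is only what the authenticator claims.
        findings.append("AAGUID restrictions rely on unattested AAGUIDs")
    return findings


# Constructed sample profiles (not real tenant data).
SAMPLE = json.loads("""[
  {"id": "00000000-0000-0000-0000-000000000001", "name": "Admins",
   "passkeyTypes": "deviceBound", "attestationEnforcement": "registrationOnly",
   "keyRestrictions": {"isEnforced": true}},
  {"id": "00000000-0000-0000-0000-000000000002", "name": "Default",
   "passkeyTypes": "deviceBound,synced", "attestationEnforcement": "disabled",
   "keyRestrictions": {"isEnforced": true}},
  {"id": "00000000-0000-0000-0000-000000000003", "name": "",
   "passkeyTypes": "roaming", "attestationEnforcement": "always",
   "keyRestrictions": {"isEnforced": false}}
]""")

if __name__ == "__main__":
    for p in SAMPLE:
        print(p["id"], audit_passkey_profile(p))
```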