microsoftgraph
diff --git a/‎api-reference/v1.0/api/fido2authenticationmethod-get.md‎
Lines changed: 9 additions & 5 deletions b/‎api-reference/v1.0/api/fido2authenticationmethod-get.md‎
Lines changed: 9 additions & 5 deletions
diff --git a/‎api-reference/v1.0/api/fido2authenticationmethod-list.md‎
Lines changed: 9 additions & 7 deletions b/‎api-reference/v1.0/api/fido2authenticationmethod-list.md‎
Lines changed: 9 additions & 7 deletions
diff --git a/‎api-reference/v1.0/api/fido2authenticationmethodconfiguration-get.md‎
Lines changed: 22 additions & 5 deletions b/‎api-reference/v1.0/api/fido2authenticationmethodconfiguration-get.md‎
Lines changed: 22 additions & 5 deletions
diff --git a/‎api-reference/v1.0/api/fido2authenticationmethodconfiguration-update.md‎
Lines changed: 37 additions & 5 deletions b/‎api-reference/v1.0/api/fido2authenticationmethodconfiguration-update.md‎
Lines changed: 37 additions & 5 deletions
diff --git a/‎api-reference/v1.0/resources/enums.md‎
Lines changed: 24 additions & 0 deletions b/‎api-reference/v1.0/resources/enums.md‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎api-reference/v1.0/resources/fido2authenticationmethod.md‎
Lines changed: 13 additions & 10 deletions b/‎api-reference/v1.0/resources/fido2authenticationmethod.md‎
Lines changed: 13 additions & 10 deletions
diff --git a/‎api-reference/v1.0/resources/fido2authenticationmethodconfiguration.md‎
Lines changed: 17 additions & 14 deletions b/‎api-reference/v1.0/resources/fido2authenticationmethodconfiguration.md‎
Lines changed: 17 additions & 14 deletions
@@ -1,18 +1,18 @@
 ---
 title: "Get fido2AuthenticationMethod"
 description: "Read the properties and relationships of a fido2AuthenticationMethod object."
-author: "calvinlui"
+author: "hanki71"
 ms.reviewer: intelligentaccesspm
 ms.localizationpriority: medium
 ms.subservice: "entra-sign-in"
 doc_type: "apiPageType"
-ms.date: 07/28/2025
+ms.date: 03/04/2026
 ---
 
 # Get fido2AuthenticationMethod
 Namespace: microsoft.graph
 
-Retrieve a user's single [FIDO2 security key authentication method](../resources/fido2authenticationmethod.md) object.
+Retrieve a user's single [passkey (FIDO2) authentication method](../resources/fido2authenticationmethod.md) object.
 
 [!INCLUDE [national-cloud-support](../../includes/global-us.md)]
 
@@ -59,6 +59,9 @@ Don't supply a request body for this method.
 
 If successful, this method returns a `200 OK` response code and the requested [fido2AuthenticationMethod](../resources/fido2authenticationmethod.md) object in the response body.
 
+> [!NOTE]
+> This method also returns credentials key IDs formatted in Base64URL with a padding number suffix. To decode the key IDs, convert the trailing integer value of 0, 1, or 2 to the same number of base64 padding characters.
+
 ## Examples
 
 ### Request
@@ -123,13 +126,14 @@ Content-type: application/json
   "value": {
       "id": "-2_GRUg2-HYz6_1YG4YRAQ2",
       "displayName": "Red key",
-      "creationDateTime": "2020-08-10T06:44:09Z",
+      "createdDateTime": "2020-08-10T06:44:09Z",
       "aaGuid": "2fc0579f-8113-47ea-b116-555a8db9202a",
       "model": "NFC key",
       "attestationCertificates": [
           "dbe793efdf1945e2df25d93653a1e8a3268a9075"
       ],
-      "attestationLevel": "attested"
+      "attestationLevel": "attested",
+      "passkeyType": "deviceBound"
   }
 }
 ```
 
@@ -1,18 +1,18 @@
 ---
 title: "List fido2AuthenticationMethod"
 description: "Retrieve a list of the fido2AuthenticationMethod objects and their properties."
-author: "calvinlui"
+author: "hanki71"
 ms.reviewer: intelligentaccesspm
 ms.localizationpriority: medium
 ms.subservice: "entra-sign-in"
 doc_type: apiPageType
-ms.date: 07/28/2025
+ms.date: 03/04/2026
 ---
 
 # List fido2AuthenticationMethod
 Namespace: microsoft.graph
 
-Retrieve a list of a user's [FIDO2 security key authentication method](../resources/fido2authenticationmethod.md) objects and their properties.
+Retrieve a list of a user's [passkey (FIDO2) authentication method](../resources/fido2authenticationmethod.md) objects and their properties.
 
 [!INCLUDE [national-cloud-support](../../includes/global-us.md)]
 
@@ -129,24 +129,26 @@ Content-type: application/json
     {
       "id": "-2_GRUg2-HYz6_1YG4YRAQ2",
       "displayName": "Red key",
-      "creationDateTime": "2020-08-10T06:44:09Z",
+      "createdDateTime": "2020-08-10T06:44:09Z",
       "aaGuid": "2fc0579f-8113-47ea-b116-555a8db9202a",
       "model": "NFC key",
       "attestationCertificates": [
           "dbe793efdf1945e2df25d93653a1e8a3268a9075"
       ],
-      "attestationLevel": "attested"
+      "attestationLevel": "attested",
+      "passkeyType": "deviceBound"
     },
     {
       "id": "_jpuR-TGZgk6aQCLF3BQjA2",
       "displayName": "Blue key",
-      "creationDateTime": "2020-08-10T06:25:38Z",
+      "createdDateTime": "2020-08-10T06:25:38Z",
       "aaGuid": "c5ef55ff-ad9a-4b9f-b580-ababafe026d0",
       "model": "USB key",
       "attestationCertificates": [
           "b479e7652167f574296e76bfa76731b8ccd22ed7"
       ],
-      "attestationLevel": "attested"
+      "attestationLevel": "attested",
+      "passkeyType": "deviceBound"
     }
   ]
 }
 
@@ -1,18 +1,18 @@
 ---
 title: "Get fido2AuthenticationMethodConfiguration"
 description: "Read the properties and relationships of a fido2AuthenticationMethodConfiguration object."
-author: "calvinlui"
+author: "hanki71"
 ms.reviewer: intelligentaccesspm
 ms.localizationpriority: medium
 ms.subservice: "entra-sign-in"
 doc_type: "apiPageType"
-ms.date: 04/04/2024
+ms.date: 03/04/2026
 ---
 
 # Get fido2AuthenticationMethodConfiguration
 Namespace: microsoft.graph
 
-Retrieve the properties and relationships of the [fido2AuthenticationMethodConfiguration](../resources/fido2authenticationmethodconfiguration.md) object, which represents the FIDO2 Security Keys [authentication method policy](../resources/authenticationmethodspolicies-overview.md) for the Microsoft Entra tenant.
+Retrieve the properties and relationships of the [fido2AuthenticationMethodConfiguration](../resources/fido2authenticationmethodconfiguration.md) object, which represents the passkey (FIDO2) [authentication method policy](../resources/authenticationmethodspolicies-overview.md) for the Microsoft Entra tenant.
 
 [!INCLUDE [national-cloud-support](../../includes/global-us.md)]
 
@@ -121,9 +121,26 @@ Content-type: application/json
         {
             "targetType": "group",
             "id": "all_users",
-            "isRegistrationRequired": false
+            "isRegistrationRequired": false,
+            "allowedPasskeyProfiles": [
+                "00000000-0000-0000-0000-000000000001"
+            ]
         }
     ],
-    "excludeTargets": []
+    "excludeTargets": [],
+    "passkeyProfiles": [
+        {
+            "id": "00000000-0000-0000-0000-000000000001",
+            "name": "Default passkey profile",
+            "passkeyTypes": "deviceBound,synced",
+            "attestationEnforcement": "disabled",
+            "keyRestrictions": {
+                "isEnforced": false,
+                "enforcementType": "allow",
+                "aaGuids": [
+                ]
+            }
+        }
+    ]
 }
 ```
@@ -1,18 +1,18 @@
 ---
 title: "Update fido2AuthenticationMethodConfiguration"
 description: "Update the properties of a fido2AuthenticationMethodConfiguration object."
-author: "calvinlui"
+author: "hanki71"
 ms.reviewer: intelligentaccesspm
 ms.localizationpriority: medium
 ms.subservice: "entra-sign-in"
 doc_type: "apiPageType"
-ms.date: 04/04/2024
+ms.date: 03/04/2026
 ---
 
 # Update fido2AuthenticationMethodConfiguration
 Namespace: microsoft.graph
 
-Update the properties of a [fido2AuthenticationMethodConfiguration](../resources/fido2authenticationmethodconfiguration.md) object, which represents the FIDO2 Security Keys authentication method policy for the Microsoft Entra tenant.
+Update the properties of a [fido2AuthenticationMethodConfiguration](../resources/fido2authenticationmethodconfiguration.md) object, which represents the passkey (FIDO2) authentication method policy for the Microsoft Entra tenant.
 
 [!INCLUDE [national-cloud-support](../../includes/global-us.md)]
 
@@ -69,8 +69,40 @@ Content-Type: application/json
 
 {
     "@odata.type": "#microsoft.graph.fido2AuthenticationMethodConfiguration",
-    "state": "enabled",
-    "isAttestationEnforced": "true"
+    "id": "Fido2",
+    "state": "disabled",
+    "isSelfServiceRegistrationAllowed": true,
+    "isAttestationEnforced": true,
+    "keyRestrictions": {
+        "isEnforced": false,
+        "enforcementType": "block",
+        "aaGuids": []
+    },
+    "includeTargets": [
+        {
+            "targetType": "group",
+            "id": "all_users",
+            "isRegistrationRequired": false,
+            "allowedPasskeyProfiles": [
+                "00000000-0000-0000-0000-000000000001"
+            ]
+        }
+    ],
+    "excludeTargets": [],
+    "passkeyProfiles": [
+        {
+            "id": "00000000-0000-0000-0000-000000000001",
+            "name": "Default passkey profile",
+            "passkeyTypes": "deviceBound,synced",
+            "attestationEnforcement": "disabled",
+            "keyRestrictions": {
+                "isEnforced": false,
+                "enforcementType": "allow",
+                "aaGuids": [
+                ]
+            }
+        }
+    ]
 }
 ```
 
 
@@ -822,6 +822,30 @@ Namespace: microsoft.graph
 | allow |
 | block |
 
+### attestationEnforcement values
+
+| Member |
+|:---|
+| disabled |
+| registrationOnly |
+| unknownFutureValue |
+
+### passkeyType values
+
+| Member |
+|:---|
+| deviceBound |
+| synced |
+| unknownFutureValue |
+
+### passkeyTypes values
+
+| Member |
+|:---|
+| deviceBound |
+| synced |
+| unknownFutureValue |
+
 ### x509CertificateAuthenticationMode values
 
 | Member |
 
@@ -1,20 +1,20 @@
 ---
 title: "fido2AuthenticationMethod resource type"
-description: "A representation of a FIDO2 security key registered to a user. FIDO2 is a sign-in authentication method."
-author: "calvinlui"
+description: "A representation of a passkey (FIDO2) registered to a user. Passkey (FIDO2) is a sign-in authentication method."
+author: "hanki71"
 ms.reviewer: intelligentaccesspm
 ms.localizationpriority: medium
 ms.subservice: "entra-sign-in"
 doc_type: resourcePageType
 toc.title: FIDO2
-ms.date: 07/24/2024
+ms.date: 03/04/2026
 ---
 
 # fido2AuthenticationMethod resource type
 
 Namespace: microsoft.graph
 
-A representation of a FIDO2 security key registered to a user. FIDO2 is a sign-in authentication method.
+A representation of a passkey (FIDO2) registered to a user. Passkey (FIDO2) is a sign-in authentication method.
 
 This is a derived type that inherits from the [authenticationMethod](authenticationmethod.md) resource type.
 
@@ -25,16 +25,18 @@ This is a derived type that inherits from the [authenticationMethod](authenticat
 |[Get](../api/fido2authenticationmethod-get.md)|[fido2AuthenticationMethod](../resources/fido2authenticationmethod.md)|Read the properties and relationships of a user's **fido2AuthenticationMethod** object.|
 |[Delete](../api/fido2authenticationmethod-delete.md)|None|Delete a user's **fido2AuthenticationMethod** object.|
 
+
 ## Properties
 |Property|Type|Description|
 |:---|:---|:---|
-|aaGuid|String|Authenticator Attestation GUID, an identifier that indicates the type (e.g. make and model) of the authenticator.|
-|attestationCertificates|String collection|The attestation certificate(s) attached to this security key.|
-|attestationLevel|attestationLevel|The attestation level of this FIDO2 security key. The possible values are: `attested`, or `notAttested`.|
+|aaGuid|String|Authenticator Attestation GUID, an identifier that indicates the type (such as make and model) of the authenticator.|
+|attestationCertificates|String collection|The attestation certificate or certificates attached to this passkey.|
+|attestationLevel|attestationLevel|The attestation level of this passkey (FIDO2). The possible values are: `attested`, `notAttested`, `unknownFutureValue`.|
 |createdDateTime|DateTimeOffset|The timestamp when this key was registered to the user. Inherited from [authenticationMethod](../resources/authenticationmethod.md).|
 |displayName|String|The display name of the key as given by the user.|
 |id|String|The authentication method identifier.|
-|model|String|The manufacturer-assigned model of the FIDO2 security key.|
+|model|String|The manufacturer-assigned model of the FIDO2 passkey.|
+|passkeyType|passkeyType|The type of passkey. The possible values are: `deviceBound`, `synced`, `unknownFutureValue`.|
 
 ## Relationships
 None.
@@ -62,7 +64,8 @@ The following JSON representation shows the resource type.
   "createdDateTime": "String (timestamp)",
   "displayName": "String",
   "id": "String (identifier)",
-  "model": "String"
-}
+  "model": "String",
+  "passkeyType": "String"
+  }
 ```
 
@@ -1,13 +1,13 @@
 ---
 title: "fido2AuthenticationMethodConfiguration resource type"
 description: "Represents a FIDO2 authentication methods policy."
-author: "calvinlui"
+author: "hanki71"
 ms.reviewer: intelligentaccesspm
 ms.localizationpriority: medium
 ms.subservice: "entra-sign-in"
 doc_type: resourcePageType
 toc.title: FIDO2
-ms.date: 07/22/2024
+ms.date: 03/04/2026
 ---
 
 # fido2AuthenticationMethodConfiguration resource type
@@ -23,24 +23,26 @@ Inherits from [authenticationMethodConfiguration](../resources/authenticationmet
 |Method|Return type|Description|
 |:---|:---|:---|
 |[Get](../api/fido2authenticationmethodconfiguration-get.md)|[fido2AuthenticationMethodConfiguration](../resources/fido2authenticationmethodconfiguration.md)|Read the properties and relationships of a fido2AuthenticationMethodConfiguration object.|
-|[Update](../api/fido2authenticationmethodconfiguration-update.md)|[fido2AuthenticationMethodConfiguration](../resources/fido2authenticationmethodconfiguration.md)|Update the properties of a fido2AuthenticationMethodConfiguration object.|
+|[Update](../api/fido2authenticationmethodconfiguration-update.md)|None|Update the properties of a fido2AuthenticationMethodConfiguration object.|
 |[Delete](../api/fido2authenticationmethodconfiguration-delete.md)|None|Reverts the fido2AuthenticationMethodConfiguration object to its default configuration.|
 
 
 ## Properties
 |Property|Type|Description|
 |:---|:---|:---|
+|defaultPasskeyProfile|String|The non-deletable baseline passkey profile, within the passkey profile collection. It's automatically created when migrating to passkey profiles and initially mirrors the tenant's legacy global passkey (FIDO2) authentication methods policy settings.|
 |excludeTargets|[excludeTarget](../resources/excludetarget.md) collection|Groups of users that are excluded from the policy.|
 |id|String|The authentication method policy identifier.|
-|isAttestationEnforced|Boolean|Determines whether attestation must be enforced for FIDO2 security key registration.|
-|isSelfServiceRegistrationAllowed|Boolean|Determines if users can register new FIDO2 security keys.|
-|keyRestrictions|[fido2KeyRestrictions](../resources/fido2keyrestrictions.md)|Controls whether key restrictions are enforced on FIDO2 security keys, either allowing or disallowing certain key types as defined by Authenticator Attestation GUID (AAGUID), an identifier that indicates the type (for example, make and model) of the authenticator.|
+|isAttestationEnforced|Boolean|Determines whether attestation must be enforced for passkey (FIDO2) registration. This property is deprecated and will be removed in October 2027. Use **passkeyProfiles** property.|
+|isSelfServiceRegistrationAllowed|Boolean|Determines if users can register new passkeys (FIDO2).|
+|keyRestrictions|[fido2KeyRestrictions](../resources/fido2keyrestrictions.md)|Controls whether key restrictions are enforced on passkeys (FIDO2), either allowing or disallowing certain key types as defined by Authenticator Attestation GUID (AAGUID), an identifier that indicates the type (for example, make and model) of the authenticator. This property is deprecated and will be removed in October 2027. Use the **passkeyProfiles** property.|
 |state|authenticationMethodState|The possible values are: `enabled`, `disabled`.|
 
 ## Relationships
 |Relationship|Type|Description|
 |:---|:---|:---|
-|includeTargets|[authenticationMethodTarget](../resources/authenticationmethodtarget.md) collection|A collection of groups that are enabled to use the authentication method.|
+|includeTargets|[passkeyAuthenticationMethodTarget](../resources/passkeyauthenticationmethodtarget.md) collection|A collection of groups that are enabled to use the authentication method.|
+|passkeyProfiles|[passkeyProfile](../resources/passkeyprofile.md) collection|A collection of configuration profiles that control the registration of and authentication with passkeys (FIDO2).|
 
 ## JSON representation
 
@@ -57,17 +59,18 @@ The following JSON representation shows the resource type.
 {
   "@odata.type": "#microsoft.graph.fido2AuthenticationMethodConfiguration",
   "id": "String (identifier)",
-  "includeTargets": [ { "@odata.type": "microsoft.graph.authenticationMethodTarget" } ],
-  "isAttestationEnforced": "Boolean",
-  "isSelfServiceRegistrationAllowed": "Boolean",
-  "keyRestrictions": {
-    "@odata.type": "microsoft.graph.fido2KeyRestrictions"
-  },
   "state": "String",
+  "defaultPasskeyProfile": "String",
   "excludeTargets": [
     {
       "@odata.type": "microsoft.graph.excludeTarget"
     }
-  ]
+  ],
+  "isSelfServiceRegistrationAllowed": "Boolean",
+  "isAttestationEnforced": "Boolean",
+  "keyRestrictions": {
+    "@odata.type": "microsoft.graph.fido2KeyRestrictions"
+  },
+  "includeTargets": [ { "@odata.type": "microsoft.graph.passkeyAuthenticationMethodTarget" } ]
 }
 ```