Enterprises have specific requirements for passkeys and device management. Let's have a look at how Apple, Google & Microsoft are currently meeting those needs.
Lukas R.
Created: November 9, 2023
Updated: February 17, 2025
Our mission is to make the Internet a safer place and passkeys provide a superior solution to achieve that. That's why we want to keep you updated with the latest industry insights here.
Passkeys are gaining strong momentum, with many companies embracing them to offer their customers a seamless and secure authentication experience. However, the enterprise sector presents unique challenges: a mix of personal and managed devices all accessing sensitive corporate data. Where do the tech giants stand in deploying enterprise-grade passkey solutions? Let's analyze the current developments from Apple, Google, and Microsoft to get a clearer picture.
For individuals, passkeys already represent a huge improvement in usability and security. However, for enterprises to fully embrace passkey solutions, four critical functionalities must be offered:
Managed Apple IDs have become more user-friendly by enabling iCloud Keychain support, which allows for device synchronization and recovery.
Think of Managed Apple ID as a corporate-controlled counterpart to a personal Apple ID, encompassing password resets and role-based admin rights.
Integrating managed Apple IDs with the iCloud Keychain in macOS Sonoma, iOS 17, and iPadOS 17 means that passkeys are synced across devices and can be recovered if those devices are misplaced. While convenient for users, enterprises might be concerned about passkeys syncing to devices outside their control. That is why Apple introduced a couple of optional settings and safety measures:
1. Non-transferability of Passkeys: Passkeys for managed Apple IDs cannot be shared, preventing unauthorized log-ins on non-approved devices.
2. Selective Synchronization Controls: Administrators can control which devices are allowed to sync passkeys, choosing between three levels:
3. Mandatory Passkey Creation on Managed Devices: Next to limiting the synchronization, administrators can also require passkey creation on managed devices.
Apple has adapted to enterprise needs by introducing these features, facilitating secure and efficient passkey usage within organizational structures. Apple also implemented some features to provide trustworthy attestation. For detailed instructions on implementing these settings in your organization, please refer to Apple's release notes from WWDC23.
Google, too, is a front-runner in advancing passkeys, especially in the consumer domain. Recent updates to Android and Chrome have unlocked Google Password Manager's ability to securely store, retrieve, and sync passkeys across devices using end-to-end encryption. Additionally, since Android 14, it's possible to use third-party credential managers, such as the password managers 1Password or Dashlane, to handle passkeys, offering alternatives to Google Password Manager.
But how do these enhancements translate to enterprise solutions?
Google's SaaS offering for businesses, Google Workspace, has integrated passkey capabilities. This enables organizations to let their users sign in to the organization with passkeys.
Passkey Settings in Google Workspace's Admin Control
Administrators can now set passkeys as the primary sign-in method for their employees.
Google's management system for Android devices has yet to introduce specific passkey management features. Despite support for passkey synchronization via Google Password Manager in Android 14, Android Enterprise lacks the administrative customization options Apple offers.
Although Google has promoted passkey utilization for developers and individual users, its enterprise solutions are yet to offer the same level of administrative control provided by Apple, particularly in device management, where enterprises require granular control over passkey sync and usage. We expect Google to keep up with Apple via more updates in the near future.
Microsoft rolled out passkeys for Microsoft Entra ID (formerly known as Azure AD) in 2024. Moreover, Microsoft added passkey support to its Authenticator app. However, Windows Hello is still missing a synchronization feature between devices for single users as well as for organizations.
If you want to read more about why Microsoft is so slow with passkey adoption, check out this blog article.
Let's have a look at how the three tech giants meet the enterprise requirements for passkeys:
Only Apple has implemented all four features for organizations, setting a standard for passkeys in enterprise solutions. Google is the runner-up, offering synchronization and recovery but falling short on enterprise-centric controls. Microsoft trails behind, with room for significant improvement.
We believe that passkeys will make the internet a safer place. Enterprises are a big part of this transformation, which is why we call for an implementation of enterprise passkeys. If you have any questions, feel free to reach out to us via our passkeys community or subscribe to our passkeys Substack.