Microsoft Entra June 2026: Passkeys, Linux MFA, B2C

Introduction

Microsoft Entra’s June 2026 updates focus on a clear priority for identity teams: stronger phishing-resistant authentication, smoother cross-tenant administration, and lower operational overhead. For IT administrators managing hybrid and multi-platform environments, this release closes several long-standing gaps while adding safer lifecycle and governance controls.

What’s new in Microsoft Entra

Phishing-resistant MFA expands to Linux

Microsoft Entra now supports phish-resistant MFA on Linux desktops through the Microsoft identity broker. Supported platforms include Ubuntu 24.04 and 26.04, plus RHEL 8, 9, and 10. This brings Linux closer to parity with Windows and macOS for secure modern authentication.

Passkey adoption gets a boost

Two important passkey updates arrived:

• Registration campaigns now support passkeys, including FIDO2, so admins can prompt users to enroll during sign-in.
• Windows passkey sign-in now supports device-bound passkeys stored in the Windows Hello container, even when the device is not Entra joined or registered.

Easier B2C migration to External ID

High Scale Compatibility (HSC) mode gives large Azure AD B2C tenants a new migration path to Microsoft Entra External ID without forcing password resets or user re-registration. This is aimed at organizations with roughly 5 million or more objects.

Cross-tenant and governance improvements

Several new admin capabilities stand out:

• Cross-tenant group synchronization for centralized group and membership management across tenants
• Account discovery for connected apps in Entra ID Governance, including orphaned accounts
• Automated agent identity sponsorship transitions through Lifecycle Workflows
• App Deactivation to safely disable applications without deleting them
• Device Soft Delete to recover deleted device objects during a retention period

User experience and preview features

Microsoft also updated the My Account portal with redesigned Devices, Security Info, and Organizations pages. In preview, admins can test:

• Domain-less SAML federation for workforce tenants
• Sensitivity labels for Entra security groups using Microsoft Purview

Why this matters for IT admins

These updates improve both security posture and operational resilience. Linux MFA and passkeys help reduce password and phishing risk, while app deactivation and device soft delete add safer recovery options during incidents or administrative mistakes. Cross-tenant group sync and governance enhancements are especially useful for enterprises managing mergers, partners, or multi-tenant operations.

Next steps

Administrators should review passkey profiles, evaluate Linux desktop support requirements, and identify whether B2C environments may qualify for HSC migration. It’s also a good time to assess app deactivation, device soft delete, and cross-tenant group sync for inclusion in identity governance and incident response processes.