DEV Community

corbado

Posted on • Originally published at corbado.com

Enterprise Passkeys: How are Apple, Google, and Microsoft performing?

The shift to passwordless authentication is accelerating, with enterprises searching for secure and seamless passkey integrations.
Read below how Apple, Google, and Microsoft cater to these enterprise needs.

Enterprise Requirements for Passkeys

For consumers, passkeys have undeniable advantages regarding security and user experience. In contrast, enterprises have specific requirements for passkeys and device management to limit and secure access to their sensitive data. These requirements are:

  1. Syncing passkeys between different devices
  2. Recovering passkeys from lost devices
  3. Prevention of unauthorized passkey transfers
  4. Centralized management of passkeys and user accounts

This poses the question: Who is meeting these requirements the best with their enterprise passkey integrations?

Apple’s strong device management

With managed Apple IDs in iOS 17 and macOS Sonoma, Apple excels at passkey implementation in its enterprise solution, providing robust synchronization, recovery options, and strict administrative controls for passkeys.
Passkeys are synchronized via Apple Keychain, and administrators get settings to control which devices can create and access those passkeys.
Here, Apple distinguishes between three device types:

  • Any Device (default): Employees can sign in with their managed Apple IDs on any device, syncing the passkeys to devices outside the company.
  • Managed Devices Only: This restricts synchronization to company-managed personal devices, catering to bring-your-own-device (BYOD) workplaces.
  • Supervised Devices Only: This highest security setting limits passkey synchronization strictly to company-owned and -supervised devices.

Google’s Push in Passkey Adoption

In the consumer space, Google has done a great job of pushing passkey adoption for users.
For enterprises, Google has enabled passkey integration in Google Workspace, allowing admins to enable sign-ins via passkeys. Passkeys are also synchronized between devices through Google’s own Password Manager; however, its enterprise device management remains less developed compared to Apple’s offerings. For example, as of now, administrators can’t limit which devices the passkeys get synced to.

Android Enterprise also leverages Google’s Password Manager but falls short in similar ways to Google Workspace by not giving admins enough customization options.

Microsoft’s Surprising Silence

Although Microsoft is very prominent in enterprise solutions, its implementation of passkeys is still awaited. For consumers, Microsoft did a good job of implementing passkeys via its Windows Hello service, but it lags behind in the enterprise realm due to missing synchronization and device management. There were some announcements regarding future passkey implementation in the user management service Azure AD, which could bring Microsoft back on track.
We’ll wait with high anticipation!

For more comprehensive insights as well as a breakdown of which tech giant is leading the race for enterprise passkeys, dive into the full article here.
