Everyone talks about going passwordless—few actually talk about what breaks when you do it. This session cuts through the marketing and focuses on real-world deployment lessons from enterprise environments that attempted to eliminate passwords using Microsoft Entra ID. We’ll walk through what really happens during rollout: why the pilot group lies to you, which authentication methods users actually adopt (vs. what you thought they would adopt), and how legacy apps quietly sabotage your timeline. You’ll see working configs for Windows Hello for Business (cloud trust vs. key trust), FIDO2 security keys, and Microsoft Authenticator—plus where each one falls short. We’ll also dig into identity architecture changes required for success, including Conditional Access redesign, authentication strengths, and fallback strategy pitfalls that can completely undermine your passwordless posture.
Expect hard-earned lessons, not theory—including how to handle contractors, shared devices, and executives who “forgot their phone.”
You will learn:
- How to design a realistic passwordless rollout strategy (and avoid common failure points)
- What actually happens with WHfB, FIDO2, and Authenticator in production
- How to fix legacy app authentication gaps without killing momentum
- How to build resilient fallback strategies without reintroducing passwords
- Practical approaches for user adoption, resistance, and edge cases