Microsoft and Bitwarden Expand Windows 11 Enterprise Authentication and Endpoint Onboarding Capabilities
Bitwarden announced support for passkey-based login on Windows 11, enabling phishing-resistant, passwordless sign-in using passkeys stored in a user’s encrypted Bitwarden vault. The flow uses the Windows “security key” option and a QR-code confirmation from a mobile device, with authentication performed via cryptographic challenge/response rather than transmitting shared secrets; Bitwarden positions this as reducing credential theft risk from phishing. The capability depends on Microsoft’s Windows 11 passkey provider support and requires specific enterprise conditions, including Entra ID–joined devices, FIDO2 security key sign-in enabled, and a registered Entra ID passkey stored in Bitwarden.
Microsoft also introduced an updated Defender deployment tool for Windows aimed at streamlining large-scale endpoint onboarding into Microsoft Defender. The tool packages onboarding information into a single downloadable .exe (reducing the need for separate onboarding files across modern and legacy systems), supports silent/non-interactive deployment via tools like Group Policy or Configuration Manager, and adds administrative controls to reduce risk if onboarding packages are shared externally (e.g., identifiers/keys, tracking, and package expiration up to one year). Microsoft Defender portal updates add improved guidance and visibility, with onboarding events surfaced in device timelines and advanced hunting to help teams monitor progress and troubleshoot errors during rollout.

How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Bitwarden announces Windows 11 passkey sign-in support
Bitwarden announced support for signing into Windows 11 with passkeys stored in a Bitwarden vault, using a QR-code-based flow and positioning the feature as phishing-resistant for Entra ID enterprise environments. The feature is available across Bitwarden plans, including free, for Entra ID-joined devices with FIDO2 security key sign-in enabled.
Microsoft updates Defender deployment tool for Windows
Microsoft updated its Defender deployment tool for Windows to use a single downloadable executable for onboarding, add silent deployment support, improve visibility in device timeline and advanced hunting, and introduce package governance controls such as identifiers and optional expiration.
Microsoft begins rolling out Windows passkey login during March
Bitwarden said Microsoft's Windows passkey login capability would roll out during March 2026, with availability depending on an organization's Microsoft Entra ID configuration.
Microsoft introduces Windows 11 passkey provider API
Microsoft introduced a Windows 11 passkey provider API that allows third-party password managers such as Bitwarden and 1Password to store and manage passkeys for websites, apps, and eventually OS sign-in workflows.
Sources
3 references tracked.
Bitwarden Brings Passkey Logins to Windows 11, Expanding Passwordless Sign-Ins
techrepublic.com
Bitwarden adds support for passkey login on Windows 11
bleepingcomputer.com
New Defender deployment tool streamlines Windows device onboarding with single executable - Help Net Security
helpnetsecurity.com


