📋 Microsoft Entra Documentation Changes

Daily summary for changes since May 14th 2026, 10:34 PM PDT

Report generated on May 15th 2026, 10:34 PM PDT

📊 Summary

13
Total Commits
0
New Files
2
Modified Files
0
Deleted Files
8
Contributors

📝 Modified Documentation Files

MODIFIED docs/identity/authentication/how-to-authentication-passkeys-fido2.md
Modified by Justinha on May 15, 2026 6:57 PM
📖 View on learn.microsoft.com
+1 / -1 lines changed
Commit: Update passkey policy size description
Changes:
Before
After
- Devices must support passkey (FIDO2) authentication. For Windows devices that are joined to Microsoft Entra ID, the best experience is on Windows 10 version 1903 or higher. Hybrid-joined devices must run Windows 10 version 2004 or higher.
- If a passkey profile for both device-bound and synced passkeys targets Microsoft Authenticator, users need to run Microsoft Authenticator iOS version 6.8.37 or Android version 6.2507.4749.
- Policy size limit:
- The Authentication methods policy supports a size limit of 20 KB. You can't save more passkey profiles after the size limit is reached. To check the size, use the [Get authenticationMethodsPolicy Microsoft Graph API](/graph/api/authenticationmethodspolicy-get) to retrieve the JSON for the Authentication methods policy. Save the output as a .txt file, then right-click and select **Properties** to view the file size.
- Reference sizes:
- Base passkey policy without changes: 1.44 KB
- Target with 1 applied passkey profile: 0.23 KB
- Devices must support passkey (FIDO2) authentication. For Windows devices that are joined to Microsoft Entra ID, the best experience is on Windows 10 version 1903 or higher. Hybrid-joined devices must run Windows 10 version 2004 or higher.
- If a passkey profile for both device-bound and synced passkeys targets Microsoft Authenticator, users need to run Microsoft Authenticator iOS version 6.8.37 or Android version 6.2507.4749.
- Policy size limit:
- The **Passkey (FIDO2)** policy supports a size limit of 20 KB. You can't save more passkey profiles after the size limit is reached.
- Reference sizes:
- Base passkey policy without changes: 1.44 KB
- Target with 1 applied passkey profile: 0.23 KB
MODIFIED docs/identity-platform/reference-error-codes.md
Modified by Tracey Torble on May 15, 2026 3:20 PM
📖 View on learn.microsoft.com
+1 / -1 lines changed
Commit: Acrolinx
Changes:
Before
After
| Error | Description |
|---|---|
| AADSTS16000 | InteractionRequired - User account '{EmailHidden}' from identity provider '{idp}' doesn't exist in tenant '{tenant}' and can't access the application '{appid}'({appName}) in that tenant. This account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Microsoft Entra user account. This error is fairly common when you try to sign in to Microsoft Entra admin center by using personal Microsoft Account and no directory associated with it. |
| AADSTS16001 | UserAccountSelectionInvalid - You see this error if the user selects on a tile that the session select logic has rejected. When triggered, this error allows the user to recover by picking from an updated list of tiles/sessions, or by choosing another account. This error can occur because of a code defect or race condition. |
| AADSTS16002 | AppSessionSelectionInvalid - The app-specified SID requirement wasn't met. |
| AADSTS160021| AppSessionSelectionInvalidSessionNotExist - Application requested a user session that doesn't exist. This issue can be resolved by creating new Azure account. |
| AADSTS16003 | SsoUserAccountNotFoundInResourceTenant - Indicates that the user hasn't been explicitly added to the tenant. |
| Error | Description |
|---|---|
| AADSTS16000 | InteractionRequired - User account '{EmailHidden}' from identity provider '{idp}' doesn't exist in tenant '{tenant}' and can't access the application '{appid}'({appName}) in that tenant. This account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Microsoft Entra user account. This error is fairly common when you try to sign in to Microsoft Entra admin center by using personal Microsoft Account and no directory associated with it. |
| AADSTS16001 | UserAccountSelectionInvalid - You see this error if the user selects a tile that the session select logic has rejected. When triggered, this error allows the user to recover by picking from an updated list of tiles/sessions, or by choosing another account. This error can occur because of a code defect or race condition. |
| AADSTS16002 | AppSessionSelectionInvalid - The app-specified SID requirement wasn't met. |
| AADSTS160021| AppSessionSelectionInvalidSessionNotExist - Application requested a user session that doesn't exist. This issue can be resolved by creating new Azure account. |
| AADSTS16003 | SsoUserAccountNotFoundInResourceTenant - Indicates that the user hasn't been explicitly added to the tenant. |

🤖 This report was automatically generated by the Entra Docs Monitor

📧 Delivered to merill@merill.net

🔗 Visit Repository