Entra Passkey: Teams Mobile Disconnections


I was getting a degraded user experience with intermittent issues in Microsoft Teams on iOS. The app allowed normal sign-in and usage, but after a short time, messaging and syncing would silently stop functioning. 

The only workaround was to sign out and sign back in. This issue started after registering a passkey in Entra ID (Azure AD) but continuing to use passwordless sign-in via the Microsoft Authenticator app (verification code method) instead of the passkey.



This seemed to occur very soon after I was unable to use a passkey to log in, as Bluetooth was not enabled and the server being used was not locally with me. This means a passkey will not work in this scenario, as your "device" needs to be near the "login device".



Observed Behavior

I first noticed something was suspicious when I used Edge on iOS to log into the Entra portal, which was successful with my passwordless code. Then, within five minutes, I was told by the portal that my token was no longer valid or did not exist.



This is very quickly followed by:


When I signed into Edge on iOS with my passkey, all the errors about tokens, sessions and invalid credentials vanished.

When this problem was fixed, I wondered whether, since the strong authentication policy means Entra prefers the strongest authentication method, it was probably worth using a passkey all the time if you had one.

That’s when I thought, let’s try this approach on Teams for iOS. This was the flow on Teams:

  1. Teams iOS app signs in successfully using passwordless authentication via the Authenticator app’s code.
  2. Messaging and presence initially work, then silently stop.
  3. No visible error or prompt.
  4. Signing out and signing back in temporarily resolves the issue.

Root Cause (from Evidence)

After registering a passkey (FIDO2/WebAuthn credential) with Microsoft 365 but not using it, the Teams mobile app on iOS attempts to silently authenticate using the registered passkey, because Microsoft Entra recognizes it as a valid method.

When this happens:

  1. The app may fail to refresh tokens in the background if the passkey isn't fully initialized or available (e.g., Face ID prompt never appears, keychain isn't synced, etc.).
  2. This results in a broken session, with no error messaging to the user.

Why does this happen?

Microsoft Teams relies on modern authentication and background token refresh. When multiple passwordless methods are registered, such as a passkey and Authenticator-based code login, Teams may prioritize passkey-based login depending on the platform’s behavior (especially on iOS).

If the passkey state matches more than one of these conditions, authentication fails silently, and Teams loses the ability to send/receive messages.

  1. Registered
  2. Never used
  3. Not available in the keychain during background refresh
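
The pattern described above can be looked for in sign-in data. The following is an added example, not code from the original post or from Microsoft; the record layout, method labels and the 10-minute window are assumptions, and the sample records are constructed:

```python
from datetime import datetime, timedelta

# Constructed sample data. Field names and method labels are assumptions for
# this example, not the schema of a real Entra sign-in log export.
REGISTERED = {
    "alex@example.com": {"passkey", "authenticator_code"},
    "sam@example.com": {"authenticator_code"},
    "jo@example.com": {"passkey", "authenticator_code"},
}
SIGNINS = [
    # (user, app, time, interactive, method, success)
    ("alex@example.com", "Microsoft Edge", "2025-01-10T08:00:00Z", True, "authenticator_code", True),
    ("alex@example.com", "Microsoft Edge", "2025-01-10T08:05:00Z", False, None, False),
    ("alex@example.com", "Microsoft Teams", "2025-01-10T09:00:00Z", True, "authenticator_code", True),
    ("alex@example.com", "Microsoft Teams", "2025-01-10T09:04:00Z", False, None, False),
    ("alex@example.com", "Microsoft Teams", "2025-01-10T10:00:00Z", True, "passkey", True),
    ("alex@example.com", "Microsoft Teams", "2025-01-10T10:30:00Z", False, None, True),
    ("sam@example.com", "Microsoft Teams", "2025-01-10T09:00:00Z", True, "authenticator_code", True),
    ("sam@example.com", "Microsoft Teams", "2025-01-10T09:03:00Z", False, None, False),
    ("jo@example.com", "Microsoft Teams", "2025-01-10T09:00:00Z", True, "authenticator_code", True),
    ("jo@example.com", "Microsoft Teams", "2025-01-10T11:00:00Z", False, None, False),
]


def _ts(value):
    # Parse an ISO 8601 UTC timestamp such as 2025-01-10T09:00:00Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_silent_breaks(signins, registered, window=timedelta(minutes=10)):
    """Flag (user, app) pairs matching the pattern in this post: the user has a
    passkey registered, signed in interactively with a different method, and a
    background (non-interactive) sign-in failed within `window` afterwards."""
    last_ok = {}   # (user, app) -> (time, method) of latest interactive success
    flagged = []
    for user, app, time, interactive, method, success in sorted(signins, key=lambda r: _ts(r[2])):
        key, when = (user, app), _ts(time)
        if interactive and success:
            last_ok[key] = (when, method)
        elif not interactive and not success and key in last_ok:
            since, used = last_ok[key]
            passkey_bypassed = "passkey" in registered.get(user, set()) and used != "passkey"
            if passkey_bypassed and when - since <= window and key not in flagged:
                flagged.append(key)
    return flagged


if __name__ == "__main__":
    for user, app in find_silent_breaks(SIGNINS, REGISTERED):
        print(f"{user}: {app} session broke soon after a non-passkey sign-in")
```

Users without a registered passkey, and failures long after the interactive sign-in, are left out because they do not match the behavior described here.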

How to Resolve It ✅

  1. Sign out of Teams
  2. Sign back in using the registered passkey method
  3. This completes the credential flow and allows token refresh to work properly

I want a passkey but cannot always use it?

If you want a passkey but cannot always use it on every device, change your default authentication method on the website https://mysignins.microsoft.com/security-info, where you will see your security information (you may need to authenticate yourself for this website).

I have the passkey added as option 4, but notice that my default (green box) is set to hardware token, which will need to be updated.


Click Change next to the text, then choose the option "App based authenticator - notification" and click Confirm, as below:


This will still allow you to use a passkey where you can, but it means you can use your passwordless login code and not have the passkey failing authentication.