u/BackSapperr

▲ 0 r/Intune

Suppress Windows Hello Entra Passkey on Edge

One of our major partners is making a push to deploy Entra within their organization to replace their aged ADFS infrastructure. Since we are also an Entra org (duh), whenever they now try to log on to the partner website, they log in with their corp credentials rather than the partner one, and get the error that they are unable to log in, as there is no cross-tenant relationship to their Entra app.

There is a 0% chance of us working with them to implement SCIM for their Entra app - so I need a way to suppress our passkey when on a login.microsoftonline.com page within Microsoft Edge. Realistically, all the existing Microsoft 365 services and other SSO apps we utilize will use the PRT from the browser session - so I don't expect any damage from doing this.

Since the passkey in Windows cannot be removed as it's tied to the Entra Join state - suppression is the best thing I can think of. Anyone else know if this is possible, or maybe a better way?

I can't find anything from their SAML request that allows me to use a domain hint - which would potentially stop the key from appearing.

I also do have passkeys disabled as an authentication strength within my Entra tenant.

u/BackSapperr — 17 hours ago