Dan Kregor - 24.02.2026

Security Will Finally Get User-Friendly 

DISCLAIMER: I am not Nostradamus, nor do I have a time machine (though how good would that be). The predictions below are my own and, well, let’s be honest, predictable. I should also point out that I used AI to do some of the heavy lifting (at least from an analysis perspective). 

This is part 5 in my ongoing series that all started with my Six Tech Trends Shaping 2026 post. 

Part 1: Agentic AI Takes the Wheel in 2026 
Part 2: AI Governance Will Stop Being Optional
Part 3: Hybrid Work Gets Its Second Act 
Part 4: The Great SaaS Consolidation 

Let’s talk about the elephant in every IT department: security that makes users want to throw their laptops out the window. You know the drill—passwords that need seventeen characters including a hieroglyph and your firstborn’s middle name, VPNs that disconnect every time you blink, and MFA prompts that pop up at the exact moment you’re trying to join an important meeting. 

But here’s the thing that keeps CISOs up at night: all that friction doesn’t just annoy users—it actively undermines security. When authentication is a nightmare, people find creative workarounds. They write passwords on sticky notes. They use the same password everywhere. They click ‘trust this device’ on everything. The very systems designed to protect your organization become the weak points. 

2026 is shaping up to be the year where this finally changes. Not because security is getting weaker, quite the opposite. It’s because we’re finally figuring out how to make strong security feel invisible to users whilst making it far harder for attackers to abuse. Zero-trust architectures are going mainstream, passwordless authentication is becoming the default, and perhaps most importantly, automated network micro-segmentation is making internal security boundaries both powerful and practical. 

The Real Cost of Password Resets (Spoiler: It’s Staggering) 

Before we dive into the solutions, let’s quantify the problem. According to Forrester Research, the average cost of a single password reset handled manually by your help desk is around $70.[1] That might not sound catastrophic until you realise that Gartner estimates 20-50% of all help desk calls are password-related.[2] 

Let’s do some napkin maths for a mid-sized organisation: 

  • 1,000 employees
  • Average of 2 password reset requests per employee per year
  • $70 per manual reset
  • Total annual cost: $140,000 just in help desk time 

And that’s just the direct cost. Factor in the productivity losses: industry research suggests employees spend an average of 11 hours per year dealing with password issues, which translates to roughly $480 per employee in lost productivity, and the problem gets much bigger. For that same 1,000-person organization, that’s $480,000 in lost productivity on top of the $140,000 help desk bill, more than $600,000 a year going up in smoke over password friction. 

But wait, there’s more bad news: according to Microsoft’s security research, over 60% of breaches involve compromised credentials.[3] All that friction, all that cost, and passwords still remain one of the most vulnerable elements of your security architecture. 

Zero-Trust Goes Mainstream (Finally) 

Zero-trust has been the security buzzword for years, but 2026 is when it moves from aspirational framework to operational reality. The core principle ‘never trust, always verify’ is deceptively simple. The implementation, historically, has been anything but. 

According to Gartner’s 2025 research, by 2026, 10% of large enterprises will have a mature, measurable zero-trust program in place, up from less than 1% at the time of the forecast.[4] That might sound like slow progress, but the momentum is building: 81% of organizations plan to implement zero-trust within the next 12 months, and 65% are actively replacing legacy VPNs with zero-trust network access solutions. 

What’s driving this shift? Three factors: 

First, the hybrid work reality. The perimeter has well and truly dissolved. Your employees are everywhere, your applications are in multiple clouds, and your data is distributed across SaaS platforms. The old ‘castle and moat’ approach where you build a strong perimeter and trust everything inside simply doesn’t work anymore. 

Second, regulatory pressure. NIS2 in Europe, the Australian Essential Eight, and updated NIST guidance in the United States (SP 800-207 on zero-trust architecture and the SP 800-63-4 digital identity guidelines) are all pushing organizations toward zero-trust architectures. It’s no longer a nice-to-have; it’s becoming a compliance requirement. 

Third, and perhaps most importantly, the technology has matured. Zero-trust used to mean rip-and-replace infrastructure projects that took years. Modern solutions integrate with existing infrastructure and can be implemented iteratively. Microsoft’s Entra ID (formerly Azure AD), for instance, provides identity-centric zero-trust capabilities that work with your existing Microsoft 365 environment. Forrester’s regional data shows Asia-Pacific organizations leading adoption; there, 37% of C-level executives name complexity as their primary concern, whereas in North America the most-cited challenge, visibility, is named by just 13%.[5] 

The Passwordless Revolution Picks Up Speed 

Here’s where things get properly interesting. Passwordless authentication isn’t just about convenience though that’s a massive benefit. It’s about eliminating the single weakest link in most security architectures: the password itself. 

Gartner predicted that by 2025, more than 50% of the workforce and more than 20% of customer authentication transactions would be passwordless.[6] We’re already seeing this play out in the consumer space: Apple’s passkeys, Google’s implementation of FIDO2 standards, and Microsoft’s push toward passwordless authentication in Windows Hello. 

But enterprise adoption is where the real transformation is happening. Microsoft announced in May 2025 that passkeys will become the default authentication method for new Microsoft accounts, and they’ve seen a 120% increase in passkey usage over the past year.[7] The numbers don’t lie: passkeys have a 98% success rate compared to just 32% for traditional passwords.[8] 

Google reports that over 800 million accounts are now using passkeys, with users experiencing login times that are 6 times faster than passwords.[9] Amazon has enabled passkey authentication for over 175 million customer accounts.[10] The FIDO Alliance reports that 87% of US and UK companies are either deploying or planning to deploy passkeys.[11] 

The enterprise impacts are significant: 

  • 82% report improved user experience
  • 90% see security improvements
  • 77% experience help desk call reductions
  • 73% gain productivity improvements 

Best Buy, one of the early enterprise adopters, reported a 90% reduction in account recovery requests after implementing passkeys. That’s the kind of ROI that makes CFOs pay attention. 

The Missing Piece: Network Micro-segmentation 

Here’s the uncomfortable truth: even with strong identity security through zero-trust and passwordless authentication, you’re only halfway there. Once an account or a device is compromised (a stolen session token, a malicious insider, malware on an endpoint), and eventually one will be, attackers can move laterally across your network like they own the place. 

This is where network micro-segmentation comes in, and it’s perhaps the most critical piece of the zero-trust puzzle that organizations tend to overlook. According to recent research, whilst nearly 70% of security leaders agree micro-segmentation is essential for achieving zero-trust, only 5% of organizations have actually implemented it.[12] The reason? Traditional micro-segmentation has been notoriously complex, requiring months or years of manual configuration and ongoing maintenance. 

But that’s changing rapidly. Modern micro-segmentation solutions can now learn your network behaviour automatically and implement granular security policies in days rather than years. Think of it as creating a firewall ‘bubble’ around every single asset in your network (servers, workstations, IoT devices, everything) and allowing only the legitimate, necessary traffic whilst blocking everything else by default. 

The security impact is profound. According to Gartner, by 2026, 60% of enterprises working toward zero-trust architecture will use more than one deployment form of micro-segmentation, up from less than 5% in 2023.[13] CISA’s latest guidance now positions micro-segmentation as a foundational element of zero-trust, not an advanced feature to implement years down the track.[14] 

What makes modern micro-segmentation compelling for 2026 is the automation. Solutions like Zero Networks, one of Insentra’s key technology partners, deploy without agents, learn network patterns automatically over 30 days, and then create and enforce least-privilege policies with minimal manual intervention.[15] They also add just-in-time MFA at the network layer for privileged protocols like RDP and SSH, so a stolen credential alone is not enough to open an admin session on the next host; that is one more barrier in the way of lateral movement. 

The business case is equally compelling. For a large enterprise with 10,000 employees and 1,000 servers, automated micro-segmentation can save 87% compared to traditional firewall segmentation and 75% compared to legacy micro-segmentation approaches.[16] That’s not just cost savings; it’s making previously impractical security controls actually achievable. 

What This Means for Your Microsoft 365 Environment 

If you’re running Microsoft 365 (and let’s face it, most enterprises are), 2026 brings some important changes you need to know about. Microsoft Entra ID (formerly Azure AD) is making passwordless authentication increasingly frictionless: 

  • Starting March 2026, Entra ID will auto-enable passkey profiles for eligible users
  • If you don’t configure your own passkey deployment by April 2026, Microsoft will start automatically migrating users
  • Microsoft-managed authentication campaigns will shift from Authenticator to passkeys as the primary method 

This isn’t Microsoft being pushy; it’s Microsoft recognising that the security benefits are too significant to leave optional. But it does mean you need a deployment strategy. The good news is that modern passkey implementations can use synced credentials (backed up to a platform account or a password manager) rather than requiring device-bound keys, which makes the rollout far more manageable for large organizations with diverse device ecosystems. The trade-off is that a synced passkey is only as strong as the account and recovery flow that syncs it, so for administrators you may still want device-bound keys and, in Entra ID, attestation enforcement with an AAGUID allow-list so you can prove which authenticators are actually in use. 

For your broader zero-trust architecture, Entra ID provides the identity pillar, Defender provides the endpoint and application security, and solutions like Zero Networks complement this with automated network segmentation. The pieces are starting to fit together in ways that actually work in the real world, not just in vendor slide decks. 

The Implementation Reality Check 

Now, before you rush off to rip out all your passwords and segment your entire network over the weekend, let’s talk about the actual challenges:

Account Recovery Complexity 

When users lose their physical security keys or change devices, recovery processes need to be bulletproof. You’ll need clear procedures, backup authentication m

Legacy Application Support 

That 15-year-old ERP system that’s still running your business? It’s probably not going to support passkeys anytime soon. You’ll need transition strategies that allow modern and legacy authentication to coexist without creating security gaps. 

Ecosystem Fragmentation 

Not all passkey implementations are created equal. Syncable passkeys (backed up to a platform account or password manager and usable on any of that user’s devices) and device-bound keys (held in a security key’s secure element, a TPM or the platform’s secure enclave, and never exported) have different security and usability trade-offs. Synced keys survive a lost phone but inherit the security of the sync account and its recovery flow; device-bound keys can prove through attestation which hardware holds them, which is what an AAGUID allow-list in Entra ID checks, but they need a registered backup authenticator. Your strategy needs to accommodate both. 

Change Management 

This is the big one. You’re not just changing technology, you’re changing ingrained user behaviors. People have been trained for decades that ‘security = remembering complicated passwords.’ Shifting that mindset requires communication, training, and patience. 

Regional Regulatory Variations 

Different regions have different requirements. The UAE Central Bank, for instance, has mandated the elimination of SMS and email OTPs by March 2026. The USPTO discontinued SMS authentication in May 2025. NIST SP 800-63-4 (the 800-63B authentication volume) now requires that a phishing-resistant option be offered at AAL2, and syncable passkeys are accepted there: it is the WebAuthn origin binding that makes a passkey phishing-resistant, synced or not. 
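To show why a passkey counts as phishing-resistant, here is an added example written for this post (it is not Microsoft’s, Google’s or any vendor’s implementation): the relying-party checks below are the ones WebAuthn requires on every sign-in, run against a constructed authenticator. The relying party ID login.example.com, its origin and the look-alike domain are assumed values, and the ES256 signature a real passkey produces is replaced by an HMAC over exactly the bytes WebAuthn signs so the block runs on the Python standard library; the binding checks are the same either way.

```python
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlparse

# Assumed relying party (RP) and its one legitimate origin.
RP_ID = "login.example.com"
RP_ORIGIN = "https://login.example.com"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


class Authenticator:
    """Stand-in for a passkey. A real one signs with an EC private key (ES256); here
    the signature is an HMAC over the same bytes WebAuthn signs,
    authenticatorData || SHA-256(clientDataJSON), so this needs only the stdlib."""

    def __init__(self, rp_id: str, key: bytes):
        self.rp_id, self.key, self.sign_count = rp_id, key, 0

    def get_assertion(self, client_data_json: bytes):
        self.sign_count += 1
        rp_id_hash = hashlib.sha256(self.rp_id.encode()).digest()
        auth_data = rp_id_hash + b"\x01" + self.sign_count.to_bytes(4, "big")  # flags: UP set
        signed = auth_data + hashlib.sha256(client_data_json).digest()
        return auth_data, hmac.new(self.key, signed, hashlib.sha256).digest()


def browser_get(authenticator: Authenticator, page_origin: str, challenge: bytes):
    """Models navigator.credentials.get(). The browser, not the page, writes the origin
    into clientDataJSON and only lets a page use an rpId equal to its host or a parent
    domain of it (simplified registrable-domain rule). That refusal is what stops a
    look-alike domain from ever invoking the real credential."""
    host = urlparse(page_origin).hostname or ""
    if host != authenticator.rp_id and not host.endswith("." + authenticator.rp_id):
        return None  # a real browser raises SecurityError here
    client_data = {"type": "webauthn.get", "challenge": b64url(challenge), "origin": page_origin}
    client_data_json = json.dumps(client_data, separators=(",", ":")).encode()
    auth_data, signature = authenticator.get_assertion(client_data_json)
    return client_data_json, auth_data, signature


def verify_assertion(credential: dict, expected_challenge: bytes,
                     client_data_json: bytes, auth_data: bytes, signature: bytes) -> str:
    """RP-side verification in the order the WebAuthn spec lists the checks.
    Returns 'ok' or the name of the first check that failed."""
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        return "type"
    if client_data.get("challenge") != b64url(expected_challenge):
        return "challenge"   # stale or replayed response
    if client_data.get("origin") != RP_ORIGIN:
        return "origin"      # produced for some other site
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash"
    if not auth_data[32] & 0x01:
        return "user-presence"
    signed = auth_data + hashlib.sha256(client_data_json).digest()
    expected = hmac.new(credential["key"], signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return "signature"   # any edit to clientDataJSON or authenticatorData lands here
    count = int.from_bytes(auth_data[33:37], "big")
    if count != 0 and count <= credential["sign_count"]:
        return "counter"     # a cloned credential; synced passkeys may always report 0
    credential["sign_count"] = count
    return "ok"


def run_scenarios() -> dict:
    """A genuine sign-in plus the attacks the checks above exist to stop."""
    key = secrets.token_bytes(32)
    passkey = Authenticator(RP_ID, key)
    credential = {"key": key, "sign_count": 0}   # what the RP stored at registration
    results = {}

    challenge = secrets.token_bytes(32)           # one fresh challenge per sign-in attempt
    cdj, ad, sig = browser_get(passkey, RP_ORIGIN, challenge)
    results["legitimate"] = verify_assertion(credential, challenge, cdj, ad, sig)

    # Adversary-in-the-middle page on a look-alike domain relaying the real challenge.
    phished = browser_get(passkey, "https://login-example.net", challenge)
    results["phishing_page"] = "browser-refused" if phished is None else "browser-allowed"

    # A captured response replayed against the next challenge, unmodified...
    new_challenge = secrets.token_bytes(32)
    results["replayed"] = verify_assertion(credential, new_challenge, cdj, ad, sig)

    # ...and with the challenge field rewritten to match the new one.
    edited = json.loads(cdj)
    edited["challenge"] = b64url(new_challenge)
    edited_cdj = json.dumps(edited, separators=(",", ":")).encode()
    results["replayed_edited"] = verify_assertion(credential, new_challenge, edited_cdj, ad, sig)

    # A clone of the credential (same key, counter reset) used after the original.
    clone = Authenticator(RP_ID, key)
    challenge = secrets.token_bytes(32)
    cdj, ad, sig = browser_get(clone, RP_ORIGIN, challenge)
    results["cloned_counter"] = verify_assertion(credential, challenge, cdj, ad, sig)
    return results
```

The browser records the origin and restricts which rpId a page may use, so a proxy phishing site never obtains an assertion at all; a replayed or edited response fails the challenge or signature check. The counter check catches a cloned credential, but synced passkeys commonly report a counter of 0, which is the trade-off between the two passkey types described under Ecosystem Fragmentation above.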

Getting Started: A Practical Roadmap 

So where do you actually start? Here’s a phased approach that won’t make your security team quit: 

Phase 1: Assessment and Pilot (Months 1-2) 

Audit your current authentication landscape. Which systems support modern protocols? Which don’t? Identify your highest-risk user groups (typically administrators and executives) and run a pilot program. Start with a small group of tech-savvy volunteers who can provide feedback and help refine your processes. 

For network segmentation, this is where automated learning becomes invaluable. Modern solutions can observe your network for 30 days and build an accurate map of what traffic is actually in use, rather than forcing you to document everything manually. In use is not the same as necessary: anything already on the wire during learning, an intruder’s lateral movement included, ends up in the baseline, so review the learned rules for privileged protocols and unexpected sources before you enforce them. 

Phase 2: Infrastructure Preparation (Months 2-3) 

Enable FIDO2/WebAuthn support in your identity provider. For Microsoft 365 environments, this means configuring Entra ID authentication methods. Set up conditional access policies that can require passwordless authentication for sensitive operations whilst still allowing fallback methods during the transition. 
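A worked version of that Phase 2 identity step, added here as example code and not taken from Microsoft’s documentation: it builds the Microsoft Graph request bodies for the FIDO2 authentication method configuration and for a report-only Conditional Access policy that requires the built-in Phishing-resistant MFA authentication strength for Global Administrators, and lints the policy for the self-lockout mistakes that hurt real rollouts. The property names, the role template id and the strength id are Microsoft’s fixed values; the AAGUID list, group id and token are placeholders you would replace.

```python
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
# Microsoft's fixed ids: the built-in "Phishing-resistant MFA" authentication
# strength and the Global Administrator directory role template.
PHISHING_RESISTANT_MFA = "00000000-0000-0000-0000-000000000004"
GLOBAL_ADMIN_ROLE = "62e90394-69f5-4237-9190-012177145e10"


def fido2_method_config(enforce_attestation: bool, allowed_aaguids=()) -> dict:
    """Body for PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/Fido2.
    Attestation plus an AAGUID allow-list pins a population to specific (device-bound)
    authenticators; both off lets users register synced passkeys from any platform."""
    allowed = list(allowed_aaguids)
    return {
        "@odata.type": "#microsoft.graph.fido2AuthenticationMethodConfiguration",
        "state": "enabled",
        "isSelfServiceRegistrationEnabled": True,
        "isAttestationEnforced": enforce_attestation,
        "keyRestrictions": {
            "isEnforced": bool(allowed),
            "enforcementType": "allow",
            "aaGuids": allowed,
        },
    }


def admin_phishing_resistant_policy(break_glass_group_id: str = "", report_only: bool = True) -> dict:
    """Body for POST /identity/conditionalAccess/policies: Global Administrators must
    satisfy the Phishing-resistant MFA strength for every app. Created report-only so
    the sign-in logs show who would have been blocked before anyone actually is."""
    users = {"includeRoles": [GLOBAL_ADMIN_ROLE]}
    if break_glass_group_id:
        users["excludeGroups"] = [break_glass_group_id]
    return {
        "displayName": "Require phishing-resistant MFA for Global Administrators",
        "state": "enabledForReportingButNotEnforced" if report_only else "enabled",
        "conditions": {
            "users": users,
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["all"],
        },
        "grantControls": {
            "operator": "OR",
            "authenticationStrength": {"id": PHISHING_RESISTANT_MFA},
        },
    }


def lint_policy(policy: dict) -> list:
    """Pre-flight checks for the self-lockout mistakes seen in real rollouts."""
    findings = []
    users = policy["conditions"]["users"]
    apps = policy["conditions"]["applications"]
    if not users.get("excludeGroups") and not users.get("excludeUsers"):
        findings.append("no break-glass exclusion: exclude the emergency-access accounts")
    if policy["state"] == "enabled":
        findings.append("enforced immediately: create it in enabledForReportingButNotEnforced first")
    if users.get("includeUsers") == ["All"] and apps.get("includeApplications") == ["All"]:
        findings.append("all users, all apps: scope the first enforced rollout to a pilot group")
    return findings


def graph_request(token: str, method: str, path: str, body: dict) -> dict:
    """Send a body to Graph. The token needs Policy.ReadWrite.AuthenticationMethod for the
    FIDO2 call and Policy.ReadWrite.ConditionalAccess for the policy call. This is the
    only function that touches the network; everything above is pure data."""
    req = urllib.request.Request(
        GRAPH + path, data=json.dumps(body).encode(), method=method,
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read() or b"{}")   # PATCH returns 204 with an empty body


if __name__ == "__main__":
    # Placeholders: the AAGUIDs and group id come from your own authenticator inventory.
    policy = admin_phishing_resistant_policy(break_glass_group_id="<break-glass-group-id>")
    assert not lint_policy(policy), lint_policy(policy)
    print(json.dumps(fido2_method_config(True, ["<security-key-aaguid>"]), indent=2))
    print(json.dumps(policy, indent=2))
```

Run the admin policy in report-only for a few weeks, confirm in the sign-in logs that every administrator already holds a phishing-resistant method, then flip `report_only` to `False`; the break-glass exclusion stays regardless. A separate, unrestricted FIDO2 configuration (attestation off, no AAGUID list) is what a general population using synced passkeys needs, so decide per population rather than tenant-wide.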

Deploy your micro-segmentation infrastructure. With modern solutions, this means installing a virtual appliance that monitors network traffic without being inline, no disruption to operations whilst you’re learning patterns. 

Phase 3: Controlled Rollout (Months 3-6) 

Start with administrators and IT staff, the people who need the highest security and can troubleshoot issues independently. Gradually expand to other departments, using lessons learned from each group to refine your approach. For micro-segmentation, begin enforcing policies on non-critical systems first, validating that legitimate traffic flows correctly before moving to production systems. 

Phase 4: Broad Deployment (Months 6-9) 

Roll out to remaining user groups with clear communication about benefits: faster logins, no more password resets, better security. Make help resources easily accessible. For network segmentation, this is when you expand coverage to include all critical assets and enforce just-in-time MFA for privileged access.

Phase 5: Optimization and Hardening (Months 9-12) 

Analyze adoption metrics, security incident data, and help desk tickets. Tighten conditional access policies. Consider phasing out legacy authentication methods for low-risk systems. Continuously refine your micro-segmentation policies based on changing business needs and threat intelligence. 
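To make the learn-then-enforce model concrete across the micro-segmentation passages above (the 30-day learning window and default-deny ‘bubbles’, enforcing non-critical assets first in Phase 3, and just-in-time MFA for RDP and SSH in Phase 4), here is an added example written for this post. It is not Zero Networks code and says nothing about how that product is implemented; asset names, ports and the flow records are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Admin protocols: never a standing allow rule, always a just-in-time MFA rule.
PRIVILEGED_PORTS = {22: "ssh", 3389: "rdp", 5985: "winrm", 5986: "winrm-https"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int
    proto: str = "tcp"


@dataclass
class AssetPolicy:
    asset: str
    mode: str = "learn"                       # "learn": log what would be blocked; "enforce": block it
    allow: set = field(default_factory=set)   # (src, port, proto) seen during learning
    mfa: set = field(default_factory=set)     # same, for privileged ports: allowed only after MFA


def learn(flows) -> dict:
    """Turn observed inbound flows into a default-deny policy per destination asset."""
    policies = {}
    for f in flows:
        p = policies.setdefault(f.dst, AssetPolicy(f.dst))
        rule = (f.src, f.port, f.proto)
        (p.mfa if f.port in PRIVILEGED_PORTS else p.allow).add(rule)
    return policies


def review(policies) -> dict:
    """What to eyeball before enforcing: learning records whatever was on the wire,
    an intruder's lateral movement included, so every source that reached an admin
    port is listed for a human to confirm."""
    findings = {}
    for asset, p in policies.items():
        by_proto = defaultdict(set)
        for src, port, _ in p.mfa:
            by_proto[PRIVILEGED_PORTS[port]].add(src)
        if by_proto:
            findings[asset] = {name: sorted(srcs) for name, srcs in by_proto.items()}
    return findings


def evaluate(policies, flow: Flow, mfa_sessions: set) -> str:
    """Decision for one new flow. mfa_sessions holds (src, dst) pairs whose user has
    just completed the JIT MFA prompt."""
    p = policies.get(flow.dst)
    rule = (flow.src, flow.port, flow.proto)
    if p is None:
        return "block"                        # asset never observed: nothing is open by default
    if rule in p.allow:
        decision = "allow"
    elif rule in p.mfa:
        decision = "allow" if (flow.src, flow.dst) in mfa_sessions else "mfa-required"
    else:
        decision = "block"
    if p.mode == "learn" and decision != "allow":
        return "log-only:" + decision         # visibility without disruption before enforcement
    return decision


def run_demo() -> dict:
    # Constructed flow records standing in for the learning window.
    observed = [
        Flow("WEB01", "APP01", 8443), Flow("APP01", "DB01", 1433),
        Flow("JUMP01", "DB01", 3389), Flow("JUMP01", "APP01", 22),
        Flow("WS-ALICE", "FS01", 445), Flow("WS-BOB", "FS01", 445),
        Flow("WS-BOB", "DB01", 3389),         # a workstation reaching the DB server over RDP
    ]
    policies = learn(observed)
    results = {"review": review(policies)}

    # Non-critical assets first: enforce on the app and file servers, keep DB01 log-only.
    policies["APP01"].mode = policies["FS01"].mode = "enforce"
    sessions = set()
    results["learned_flow"] = evaluate(policies, Flow("WEB01", "APP01", 8443), sessions)
    results["unlearned_flow"] = evaluate(policies, Flow("WS-ALICE", "APP01", 8443), sessions)
    results["unknown_asset"] = evaluate(policies, Flow("WS-BOB", "PRINTER01", 9100), sessions)
    results["db_still_learning"] = evaluate(policies, Flow("WS-ALICE", "DB01", 1433), sessions)
    results["ssh_before_mfa"] = evaluate(policies, Flow("JUMP01", "APP01", 22), sessions)
    sessions.add(("JUMP01", "APP01"))         # the admin answered the JIT MFA prompt
    results["ssh_after_mfa"] = evaluate(policies, Flow("JUMP01", "APP01", 22), sessions)
    return results
```

The review output is the part that matters before Phase 3: here it lists WS-BOB as a source of RDP to DB01, which is exactly the kind of learned rule an operator should delete rather than enforce. Everything not observed is blocked once an asset is switched to enforce, privileged ports open only for the duration of an MFA-approved session, and assets still in learn mode keep logging what would have been blocked so you can fix gaps without an outage.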

Where Insentra Comes In 

Look, transforming your security architecture isn’t a weekend project. It’s the kind of initiative where having experienced guides who’ve done this before makes the difference between smooth sailing and a months-long slog through unexpected complications. 

At Insentra, security isn’t a side project; it’s core to what we do. Our Secure Workplace practice has helped organizations across Australia and globally navigate exactly these transformations. Whether it’s implementing zero-trust architectures, deploying passwordless authentication at scale, or rolling out network micro-segmentation that actually works, we’ve got the experience and the technology partnerships to make it happen. 

Our approach combines several key capabilities: 

Identity & Access Management: We’ll help you design and implement modern authentication strategies using Microsoft Entra ID, including passwordless deployment, conditional access policies, and integration with your existing systems. Our team has deployed these solutions for hundreds of organizations and knows where the gotchas hide. 

Network Micro-segmentation: As a partner of Zero Networks, we bring automated micro-segmentation capabilities that deploy in days rather than years. We handle everything from initial network learning through policy refinement and ongoing optimization, making previously impractical network security controls achievable for organizations of any size. 

Managed Security Services: For organizations that want expert security management without building large internal teams, our Managed Security services provide 24×7 monitoring and management of your Microsoft security stack. We handle the alerts, the updates, and the optimization whilst you focus on running your business. 

Professional Services: Sometimes you need specific expertise for a defined project: deploying Advanced Threat Protection, implementing Information Protection policies, or designing your broader zero-trust architecture. Our professional services team brings deep technical expertise without the overhead of building permanent capability. 

What makes our approach different is that we’re channel-focused: we work exclusively through IT partners and vendors, which means we’re extensions of your team, not competitors. We bring: 

  • Technical expertise across the Microsoft 365 ecosystem and complementary security platforms
  • Real-world experience from hundreds of security transformations across diverse industries and regulatory environments
  • Strategic partnerships with vendors like Zero Networks that give us early access to technology and deep product expertise
  • ISO 27001 certification and commitment to security best practices in our own operations 

Whether you’re just starting to think about zero-trust, midway through a passwordless deployment that’s hit unexpected challenges, or looking to add network micro-segmentation to your security architecture, we can help you navigate the complexity and get to outcomes that actually improve both security and user experience. 

The Bottom Line 

Security and usability have been at war for decades. In 2026, we’re finally reaching a détente. 

The convergence of mature zero-trust frameworks, practical passwordless authentication, and automated network micro-segmentation means you can genuinely improve security whilst reducing user friction. The technology works. The standards are established. The regulatory environment is pushing in the right direction. And critically, the business case, from both a security perspective and a cost reduction perspective, is compelling. 

However, and this is important, none of this happens by accident. It requires strategy, planning, and expertise to navigate the transition without creating new problems. The organizations that get this right will significantly reduce their attack surface, slash help desk costs, improve user productivity, and sleep better at night knowing that even when credentials are compromised, lateral movement is blocked. 

The question isn’t whether to move toward user-friendly security. The question is whether you’re going to lead the transition or scramble to catch up when it becomes mandatory. 

If you are ready to modernise your security architecture without increasing friction for your users, contact us to start building your zero trust and passwordless roadmap today. 

I know which option I’d pick. 

Dan Kregor | Insentra 

Making enterprise tech transformations slightly less terrifying since… well, for quite a while now! 

References and Sources 

[1] Forrester Research – Average help desk labor cost for a single password reset is approximately $70 

[2] Gartner Group – 20-50% of all help desk calls are for password resets 

[3] Microsoft Security – Over 60% of breaches involve compromised credentials 

[4] Gartner Strategic Roadmap for Zero Trust – Zero-trust adoption statistics and enterprise maturity forecasts 

[5] Forrester Research – Regional zero-trust adoption patterns and enterprise security insights 

[6] Gartner Passwordless Authentication Forecast – Prediction that >50% of workforce will use passwordless by 2025 

[7] Microsoft Security Blog: Pushing Passkeys Forward – Passkeys default for new accounts and 120% usage increase 

[8] Microsoft Entra ID: Synced Passkeys – 98% success rate for passkeys vs 32% for passwords 

[9] Google Passkey Statistics – 800M+ accounts using passkeys, 6x faster login 

[10] Amazon Passkey Adoption – 175M customer accounts with passkey authentication 

[11] FIDO Alliance Passkey Deployment Report – 87% of US/UK companies deploying or planning passkeys 

[12] Zero Networks: Microsegmentation and Zero Trust – 70% of security leaders consider microsegmentation essential, only 5% have implemented 

[13] Gartner Market Guide: Microsegmentation for Zero Trust – 60% of enterprises to use multiple forms of microsegmentation by 2026 

[14] CISA: Microsegmentation in Zero Trust – Microsegmentation as foundational element of zero-trust architecture 

[15] Zero Networks Platform – Automated, agentless microsegmentation with 30-day learning and JIT MFA 

[16] Zero Networks: Network Segmentation ROI – 87% cost savings vs traditional segmentation, 75% vs legacy microsegmentation 

Additional Industry Sources: 

• McKinsey & Company – Global cybersecurity investment projections 

• Deloitte – Enterprise security transformation studies 

• NIST SP 800-63-4 – Digital Identity Guidelines and authentication standards 

• Enterprise Management Associates (EMA) – Microsegmentation importance survey (96% consider it important) 

• Dashlane 2025 Passkey Power 20 Report – Global passkey adoption trends and user behavior data 
