
Microsoft Entra Blog

New capabilities in Microsoft Entra Verified ID now available

AnkurPatel (Microsoft)
Jun 21, 2022

We’re only weeks away from general availability of Microsoft Entra Verified ID! During the preview period, enterprises are issuing and verifying credentials across a variety of scenarios, ranging from remote onboarding at work and collaboration across business boundaries to enabling education beyond the campus.

“Identity proofing by leading identity verification partners, in the form of Verifiable Credentials, will help reduce the remote onboarding time for our new employees from as much as 3 days [today] to as little as 10 minutes—all while improving the employee experience and making a great ‘first’ impression!” – Autodesk 

 

 

I’m thrilled to share additional preview features aimed at making it easier for issuers and verifiers to exchange credentials in a trustworthy manner. As described in our previous blog post, we’re extending these new capabilities for any Microsoft customer.

 

What’s new 

 

Quickly issue a Verifiable Credential for directory-based claims 

Based on customer feedback, in addition to managing Custom Credentials, we’re excited to share that you can now use the Quick Start option to configure a credential's look and feel based on directory-based claims. Directory-based claims (e.g., from Azure AD) have been used to power profile cards in M365 for a long time. You can configure and tap into these claims using Microsoft Graph to create Verifiable Credentials for a wide variety of use cases, such as a verified employee.

 

Figure 1. IT administrators can configure and publish these credentials using the Azure portal.

 

Enterprises can issue Verifiable Credentials to existing users of Microsoft Authenticator (or any other standards-compliant wallet). Admins can enable Authenticator users to accept these credentials with just one click! 

 

Verifiable Credentials Network 

We are thrilled to offer the Verifiable Credentials Network so developers can discover their preferred issuer of a credential type (e.g., Verified Student by Contoso University) using the portal for administrators or APIs. Anyone using the free version of Azure AD can now easily request and verify credentials without requiring any custom integration with issuers.

 

Figure 2. Search for preferred issuer and the credential type to verify.

 

APIs for developers and administrators 

Developers can use the Verifiable Credentials Network APIs to discover credential types and choose their preferred issuer (e.g., student ID credentials by Contoso University). Developers can also use the Request API to issue and verify credentials programmatically, which makes it quick to integrate verifiable credentials into new and existing apps. Samples illustrating how to use the Request API are available in .NET, Java, Node.js, and Python. Finally, using the Admin API, administrators can automate everything from onboarding a tenant to creating issuers and managing the look and feel of credentials.

 

Recovering from loss of device using backup and restore  

 

Figure 3. Set up credentials and securely recover them if your device is lost. This UI shows how that set up would work.

 

Microsoft Authenticator users can now recover Verifiable Credentials in the event of a loss of device. You can export your credentials and secure the exported file using a passphrase to ensure that only you can access your encrypted credentials. If you lose your phone, you can use Microsoft Authenticator on the new device to import the credentials using the file, along with the passphrase.

 

Thank you for your feedback 

We enjoy hearing thoughts and reactions from the community, so please let us know what you think in the comments below, on Twitter (@AzureAD), or in the Azure Feedback Forum. Please check out the documentation for further details.

 


Updated Jun 24, 2022
Version 2.0
  • MikeAtBlu

    I'm not sure I understand why it was necessary to have these features in Entra instead of just Azure.
    It feels to me that the Entra team did a bad job at explaining WHY we need Entra in the first place and why we can't have all the features directly in AAD.
    Is it just a rebranding for commercial reasons? We are getting yet another portal and another product name in the chaotic galaxy of Microsoft products.

     

    Please keep things simpler, shorter, and minimalistic. We are getting lost.

  • My organization's Azure AD tenant wants to be an issuer and issue verifiable credentials to all its Azure AD users/employees.

    This verifiable credential from the Microsoft Authenticator app will also be used for many other systems and other organizations and processes.

    So, besides this, my question: Is it OK to expect that we will be able to use these Verifiable Credentials from the Microsoft Authenticator app to log in to internal Azure AD / M365 in the future? (Instead of user/pass/MFA/phone-sign etc.)