The Microsoft Entra team is looking forward to connecting with you next week at RSA Conference 2024 (RSAC) from May 6 to 9, 2024, in San Francisco! As we enter the age of AI and there are more identities and access points to protect, identity security has never been more important. From protecting workforce and external identities to non-human identities—which outnumber human identities 10 to 1—the task of securing access and the interactions between them requires taking a more comprehensive approach.
To help customers protect every identity and every access point, I’d like to highlight recent innovations that we’ll be showcasing at this upcoming event:
- Expanded passkey support for Microsoft Entra ID
- Microsoft Entra ID external authentication methods
- Microsoft Entra External ID general availability
- Microsoft Entra Permissions Management and Microsoft Defender for Cloud integration general availability
- Our vision for cloud access management to strengthen multicloud security
We will be demonstrating these new innovations and sharing more about how to take a holistic approach to identity and access at RSA Conference 2024 (see the table at the end of this blog for more information). Now, let’s take a closer look at Microsoft Entra innovations that we’ll be showcasing at RSAC.
Expanded passkey support for Microsoft Entra ID
In addition to supporting sign-ins via a passkey hosted on a hardware security key, Microsoft Entra ID now includes additional support for device-bound passkeys in the Microsoft Authenticator app on iOS and Android. This will bring strong and convenient authentication to mobile devices for customers with the strictest security requirements.
A passkey is a strong, phishing-resistant authentication method you can use to sign in to any internet resource that supports the W3C WebAuthn standard. Passkeys represent the continuing evolution of the FIDO2 standard, aimed at creating a secure and user-friendly passwordless experience for everyone.
To learn more about using passkeys in the Microsoft Authenticator app, check out this blog.
Microsoft Entra ID external authentication methods
While organizations increasingly choose to unify their multifactor authentication (MFA) and access management solutions, thus simplifying their identity architectures, some organizations have already deployed MFA and want to use their pre-existing MFA provider with Microsoft Entra ID. External authentication methods allow organizations to leverage any MFA solution to meet the MFA requirement with Entra ID.
At launch, external authentication methods integrations will be available with the following identity providers: Cisco, ENTRUST, HYPR, Ping, RSA, SILVERFORT, Symantec, THALES, and TrustBuilder.
Read our documentation to learn more.
Microsoft Entra External ID general availability
Our next-generation, developer-friendly customer identity access management (CIAM) solution, Microsoft Entra External ID, will become generally available on May 15, 2024. Whether you're building applications for partners, business customers, or consumers, External ID makes secure and customizable CIAM simple. External ID enables you to:
- Secure all identities with a single platform
- Streamline secure collaboration
- Create frictionless end user experiences
- Accelerate the development of secure applications
Learn more about External ID by reading our announcement blog!
Microsoft Entra Permissions Management and Microsoft Defender for Cloud integration general availability
Deploying applications and infrastructure across multiple clouds has become the norm. Ensuring the security of cloud applications and infrastructure requires integrating identity and permission insights into the overall security strategy. This objective is achieved through the integration of Microsoft Entra Permissions Management with Microsoft Defender for Cloud (MDC), which will be generally available in May.
The integration streamlines access and permission insights into other cloud postures through a unified interface. Customers benefit from recommendations on mitigating risks within the MDC dashboard, including unused identities, overprivileged permissions, and unused super identities. This facilitates the enforcement of least privilege access for cloud resources across Azure, Amazon Web Services, and Google Cloud Platform.
Our vision for cloud access management to strengthen multicloud security
Deploying applications and infrastructure across multiple clouds has become common in today’s business landscape. At Microsoft, we have long prioritized the protection of customers’ environments, regardless of the number of clouds they use or the providers they choose.
Our recent 2024 State of Multicloud Security Risk Report reconfirms the importance of securing access in multicloud and presents valuable findings based on one year of actual usage data to enhance organizations’ understanding of their risks and facilitate the development of effective mitigation strategies. Key findings related to access and permissions include:
- Only 2% of the 51,000 permissions granted to human and workload identities in 2023 were utilized, with 50% of these permissions classified as high-risk.
- More than 50% of identities are identified as super identities, indicating they have access to all permissions and resources within the multicloud environment.
Above all, this report confirms that the complexity of multicloud risk continues to grow. Coupled with the increase in cyberattacks targeting identities, especially those assigned to non-human entities, security teams are overwhelmed. Consequently, organizations are shifting priorities from infrastructure protection to actively monitoring and securing interactions between human and workload identities accessing corporate cloud resources.
We believe Microsoft can help address these challenges with our new vision for cloud access management, offering visibility into all identities and permissions in use, along with proactive risk detection to enhance protection and management of your environment. We will continue our journey to secure access to resources anywhere by developing a new converged platform that encompasses four key solution areas critical for organizations, based on our continuous engagements with customers:
- Cloud Infrastructure Entitlement Management (CIEM)
- Privileged Access Management (PAM)
- Identity Governance and Administration (IGA)
- Workload Identity and Access Management (IAM)
Stay tuned to learn more about our vision in the coming weeks.
Where to find Microsoft Entra at RSAC 2024
We’re excited to connect with you at RSAC 2024 and discuss the latest innovations to Microsoft Entra. Please join us at the following identity sessions:
| Session Title | Session Description | Date and time | 
| Lesson Learned - General Motors Road to Modern Consumer Identity | This demo-heavy session will provide key insights into the architectural decisions made by General Motors and the lessons learned establishing a secure and resilient customer identity platform powered by Microsoft Cloud for a consistent set of user experiences across all its global customer touchpoints, including web, mobile apps, in-vehicle applications, and backend services | Tuesday May 7, 2024, 1:15 PM - 2:05 PM PT | 
| The Storm-0558 Attack - Inside Microsoft Identity Security's Response | In June 2023, China-based actor Storm-0558 successfully forged tokens to access customer email in 22 agencies using an acquired signing key. This session will walk you through the insider's view of the attack, investigation, mitigation, and repairs resulting from this attack with a focus on what worked and what didn't when defending against this APT actor. | Thursday, May 9, 2024, 12:20 PM - 1:10 PM PT |
Stop by our booth #6044N to check out our theater sessions!
| Start your CIAM Journey: Secure external identities, streamline collaboration and accelerate your business! | As you expand your business, protecting all external identities, such as customers, business guests and partners, is essential. In this session, we will demonstrate how Microsoft Entra External ID is a single solution that helps you integrate security into your apps, safeguarding external identities with adaptive access policies, verifiable credentials, built-in identity governance, and more. We will also showcase how to streamline collaboration by inviting business guests and defining what internal resources they can access across Teams, SharePoint and OneDrive. | Tuesday May 7, 2024, 3:00-3:20PM | 
| Microsoft Entra and Copilot: Skills you can use for protecting identities and access | Get an overview of the latest Microsoft Entra skills available via Copilot for Security to help your organization protect against identity threats and increase efficiency in managing and governing access. | Tuesday May 7, 2024, 3:30-3:50PM | 
| Modernize your network access with Microsoft’s Security Service Edge Solution | In today’s dynamic landscape, securing access to critical applications and resources is more crucial than ever. The identity-centric Security Service Edge (SSE) solution in Microsoft Entra takes Conditional Access to a new level, protecting any network destination with granular access controls that consider identity, device, and network. Join us to learn how you can secure access for anyone to anything from anywhere with unified identity and network access. | Wednesday May 8, 2024, 2:30-2:50PM | 
| Bringing Passkey into your Passwordless Journey | Most of our customers are either deploying some form of passwordless credential or are planning to in the next few years, however, the industry is all abuzz with excitement about passkeys. What are passkeys and what do they mean for your organization's passwordless journey? Join the Microsoft Entra product team as we walk you through the background of where passkeys came from, their impact on the passwordless ecosystem and the product features and roadmap bringing passkeys into the Microsoft Entra passwordless portfolio and phishing resistant strategy. | Thursday May 9, 2024, 12:00-12:20PM | 
We can’t wait to see you in San Francisco for RSA Conference 2024!
Irina Nechaeva,
General Manager of Identity & Network Access