Each of us needs a digital identity we own, one which securely and privately stores all its elements.
This self-owned identity must be easy to use and give us complete control over how our identity data is accessed and used.
I’m thrilled to announce the next major milestone in making this vision real. We are announcing the general availability (GA) of Entra Verified ID, as the newest member to join the Microsoft Entra portfolio.
Faster, more trustworthy way to verify
Customers rely on Azure AD to secure access to corporate resources. However, enabling use of credentials for utility beyond the company (e.g. prove employment for bank loan) is complex and comes with compliance risk. In contrast, identity documents from our everyday lives, like a driver’s license or passport, are well suited for utility beyond travel (e.g. age or residency). We believe an open standards-based Decentralized Identity system can unlock a new set of experiences that give users and organizations greater control over their data—and deliver a higher degree of trust and security for apps, devices, and service providers.
With today’s announcement, millions of Azure AD customers (free and premium) can now easily issue, request, and verify credentials to represent proof of employment, education, or any other claim.
Issue credentials. Customers can now design and issue verifiable credentials to represent proof of employment, education, or other claims. A holder of a credential can decide when, and with whom, to share it. Each credential is signed with cryptographic keys that the user owns and controls. These credentials can be presented and validated even if the issuing institution no longer exists.
Request and verify credentials. Unlike credentials issued by current centralized identity systems, verifiable credentials are standards-based. This makes it easy for developers to understand and does not require custom integrations. Applications can request and verify the authenticity of credentials from any organization using APIs included as part of the service.
Present credentials in a privacy respecting, secure manner. Users can manage and present credentials using Microsoft Authenticator. What makes this unique is it enables users to control who can access them, even if credentials are issued by organizations. We will be adding capabilities like selective disclosure, derived claims (e.g. proof of age instead of birth date) and measures preventing correlation.
Recover credentials. End-users can manage credentials using Microsoft Authenticator and recover from loss using a mnemonic-based (pass phrase) scheme. We continue to partner with the community to find more user friendly, elegant means of enabling recovery. In addition, we will provide custodial and social recovery solutions so users can choose a circle of trusted parties, across friends, family, and organizations.
Interoperable. In addition, we’ve developed a standards-based interop profile in partnership with IBM, Workday, Ping, and Mattr so anyone can build compatible digital wallets. This interop profile gives application developers a consistent way to manage credentials as part of the digital wallets they build and switch across wallets.
Partnership with leading identity verification providers
Some governments around the world are starting to issue digital credentials to verify foundational identity attributes (e.g. age or citizenship). We've established partnerships with 10 leading identity verification partners so enterprises can remotely verify foundational identity attributes across 192 countries, 6,000 identification documents, and 1,000’s of attributes for organizational attributes and individuals. End-users can present these credentials to quickly start a job, apply for a loan, or access secure apps and services—without having to repeatedly share their sensitive information.
“Identity proofing by leading identity verification partners, in the form of Verifiable Credentials, will help reduce
the remote onboarding time for our new employees from as much as three days [today] to as little
as 10 minutes—all while improving the employee experience and making a great ‘first’ impression!”
Easy account recovery: Replace support calls and security questions with a streamlined self-service process to verify identities.
Our API first approach makes it easy for customers to integrate verifiable credentials in their existing apps and enables an easy jumpstart model to improve verifiability and compliance. These apps and services could be hosted on-premises or on Azure, AWS or GCP.
Get started with Entra Verified ID today
Microsoft Entra Verified ID is included with any Azure Active Directory subscription, including Azure AD Free
“We’ve already identified around 60 different use cases for verifiable credentials. It’s so flexible that it can
be used in potentially hundreds of different ways throughout an organization.”