I’m always excited to share the great work our Azure Active Directory (Azure AD) Alliances team has been doing. Leading up to Microsoft Ignite this year, the team has been hard at work collaborating with a wide range of technology vendors to extend our Azure AD capabilities and give our customers more options to be secure. As you will see below, these integrations support both new and existing business critical motions, including certificate-based authentication, Zero Trust, external identities, and more.
Supporting phishing-resistant authentication
Supporting phishing-resistant authentication methods is core to our mission to protect users against account compromise. In her earlier Ignite session, Joy Chik, President of Identity and Network Access, announced that certificate-based authentication (CBA) is generally available in Microsoft Entra, along with Conditional Access Authentication Strength public preview. These vendors have integrated with Azure AD to enable secure and phishing-resistant options for authentication.
Axiad Cloud automates the provisioning of a wide range of multifactor authentication credentials with Azure AD, including CBA with public key infrastructure (PKI), without requiring any on-premises dependencies. This makes it easier for Microsoft users to move to the cloud from on-prem solutions. To learn more about Axiad’s support of Azure Active Directory, visit the https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.axiadcloud?ocid=GTMRewards_WhatsNewBlog_platformsupport_Vol105&tab=Overview or our https://www.brighttalk.com/webcast/18706/560962?utm_source=Microsoft&utm_medium=twitter&utm_campaign=webinar8.
https://blog.hidglobal.com/2022/04/microsoft-and-hid-improve-certificate-based-authentication enable the tens of millions of identities already leveraging x.509 (PKI) digital certificates to natively authenticate to Azure AD and any applications protected by it. This integration makes certificate-based authentication easier to deploy while simplifying remote management of credential lifecycles.
Based on configuration as code, https://www.simeoncloud.com/ allows administrators to enforce multifactor authentication (MFA) with Conditional Access policies across all tenants easily. Simeon’s software allows administrators to deploy policies centrally, monitor changes, and view policy compliance holistically across all the tenants.
With the new Azure AD cloud-native CBA support, Microsoft customers can use https://cpl.thalesgroup.com/access-management/authenticators/pki-usb-authentication, https://cpl.thalesgroup.com/access-management/authenticators/pki-smart-cards, and https://cpl.thalesgroup.com/access-management/authenticators/fido-devices provided by https://www.microsoft.com/security/business/intelligent-security-association member https://cpl.thalesgroup.com/. By supporting multiple-use cases in one single device, Thales allows organizations to extend high assurance access to the cloud while building on their existing environments.
With General Availability of Azure AD CBA, Azure AD customers can bring their public key infrastructure (PKI) to Azure AD and allow users with smart card certificates secured with https://www.yubico.com/ to sign into Azure AD-protected Windows workstations and applications. Additionally, Microsoft’s new Conditional Access Authentication Strength capability will enable organizations to deploy policies that require users to use phishing-resistant authentication, and they can do so with a YubiKey.
Supporting our customers’ Zero Trust journey
One of our top requests from customers is to help them adopt a https://www.microsoft.com/en-us/security/business/zero-trust. We've spent years building our Zero Trust approach internally at Microsoft, and by working together with vendors, https://learn.microsoft.com/en-us/security/zero-trust/integrate/identity to organizations to support their own Zero Trust journey while continuing to get value from Microsoft Entra.
Support explicit verification for legacy applications
Many business applications were created to work in a protected corporate network and may use legacy authentication methods. As you can see from the following integrations, independent software vendors can create https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/secure-hybrid-access-integrations solutions that connect apps to Azure AD and provide modern authentication solutions for legacy applications.
https://www.cloudflare.com/en-gb/partners/technology-partners/microsoft/azure-ad/ has completed https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/cloudflare-azure-ad-integration and https://learn.microsoft.com/en-us/azure/active-directory-b2c/partner-cloudflare and is now a member of https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/secure-hybrid-access-integrations.
https://blog.cloudflare.com/cloudflare-partners-with-microsoft-to-protect-joint-customers-with-global-zero-trust-network/ helps our customers achieve advanced security for legacy and Azure-hosted applications by securing web applications and safeguarding employees with identity and device protections. https://blog.cloudflare.com/cloudflare-recognized-by-microsoft-as-a-security-software-innovator/ helps organizations seamlessly enhance their enterprise security and take the next step in their Zero Trust journey.
Microsoft and https://www.datawiza.com/ collaborated to provide a new integration with Microsoft 365 that allows businesses to deploy multifactor authentication (MFA) for mission-critical https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/datawiza-azure-ad-sso-oracle-jde applications.
In just a few minutes, without coding, https://www.datawiza.com/whitepapers/azure-ad-migration/ and begin requiring MFA, as well as single sign-on (SSO) and Conditional Access, to log into any application, from https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/datawiza-azure-ad-sso-oracle-peoplesoft to https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/datawiza-with-azure-ad to open-source tools.
Enforcing least-privilege for non-human identities
It’s important to monitor and limit access for non-human identities, such as apps and services that are running without signed-in users. Independent software vendors can help expand the toolset we have available for customers to manage access of non-human identities.
By utilizing Microsoft Graph APIs and Azure AD audit logs, https://www.valencesecurity.com/ helps customers enforce the Zero Trust principle of least-privilege by correlating multiple data sources to provide one viewpoint into the enterprise applications, service principals, OAuth tokens, and APIs that have access to Microsoft’s SaaS services. Valence is now https://azuremarketplace.microsoft.com/marketplace/apps/aad.valence?tab=overview in the Azure AD app gallery, along with a https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/valence-tutorial for integrating it with your Azure AD tenant. Learn more about this integration on their https://www.valencesecurity.com/resources/valence-integrates-with-azure-ad.
Assume breach and evaluate identity risk
Evaluating identity risk is a critical component to a modern Zero Trust architecture. https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection calculates identity risk from over https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks and assigns a risk level, enabling the organization to apply Conditional Access policy to block or limit sign-in. Vendors are able to extend this risk-evaluation capability to their solutions using the https://learn.microsoft.com/en-us/graph/api/resources/identityprotection-overview?view=graph-rest-1.0.
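As an added illustration (not code from the original post or from any vendor named here), the following Python shows how a tool consuming the Microsoft Graph identityProtection API might join riskyUsers with their riskDetections and derive a Conditional Access-style action. The two JSON payloads are constructed samples, and the riskLevel-to-action mapping is an assumption for the example, not Microsoft's policy.

```python
"""Triage Azure AD Identity Protection risk data fetched through Microsoft Graph.

Assumes the caller has already retrieved (with IdentityRiskyUser.Read.All and
IdentityRiskEvent.Read.All permissions) the JSON from:
  GET https://graph.microsoft.com/v1.0/identityProtection/riskyUsers
  GET https://graph.microsoft.com/v1.0/identityProtection/riskDetections
The two payloads below are constructed samples, not real tenant data.
"""
from collections import defaultdict

RISKY_USERS = {"value": [
    {"id": "u-1", "userPrincipalName": "alice@contoso.example", "riskLevel": "high",
     "riskState": "atRisk", "riskLastUpdatedDateTime": "2022-10-12T09:14:00Z"},
    {"id": "u-2", "userPrincipalName": "bob@contoso.example", "riskLevel": "medium",
     "riskState": "atRisk", "riskLastUpdatedDateTime": "2022-10-12T08:02:00Z"},
    {"id": "u-3", "userPrincipalName": "carol@contoso.example", "riskLevel": "high",
     "riskState": "remediated", "riskLastUpdatedDateTime": "2022-10-11T17:45:00Z"},
    {"id": "u-4", "userPrincipalName": "dave@contoso.example", "riskLevel": "none",
     "riskState": "none", "riskLastUpdatedDateTime": "2022-10-01T00:00:00Z"},
]}

RISK_DETECTIONS = {"value": [
    {"userId": "u-1", "riskEventType": "leakedCredentials", "riskLevel": "high", "riskState": "atRisk"},
    {"userId": "u-1", "riskEventType": "anonymizedIPAddress", "riskLevel": "medium", "riskState": "atRisk"},
    {"userId": "u-2", "riskEventType": "unfamiliarFeatures", "riskLevel": "medium", "riskState": "atRisk"},
    {"userId": "u-3", "riskEventType": "passwordSpray", "riskLevel": "high", "riskState": "remediated"},
]}

# Assumed mapping, mirroring the tiers the post describes (block or limit sign-in):
# block high-risk users, force a secure password change at medium, just watch low.
ACTION_BY_LEVEL = {"high": "block", "medium": "require-password-change", "low": "monitor"}
SEVERITY = {"high": 0, "medium": 1, "low": 2}

def triage(risky_users, detections):
    """Join riskyUsers with their open riskDetections; return actionable cases, worst first."""
    open_events = defaultdict(list)
    for d in detections["value"]:
        if d["riskState"] == "atRisk":  # skip remediated/dismissed/confirmedSafe detections
            open_events[d["userId"]].append(d["riskEventType"])
    cases = []
    for u in risky_users["value"]:
        # riskLevel 'none'/'hidden' or a closed riskState means no action is due
        if u["riskState"] != "atRisk" or u["riskLevel"] not in ACTION_BY_LEVEL:
            continue
        cases.append({"upn": u["userPrincipalName"], "riskLevel": u["riskLevel"],
                      "detections": sorted(open_events[u["id"]]),
                      "action": ACTION_BY_LEVEL[u["riskLevel"]]})
    return sorted(cases, key=lambda c: SEVERITY[c["riskLevel"]])
```

Running `triage(RISKY_USERS, RISK_DETECTIONS)` yields two open cases: alice (high, block) and bob (medium, password change); carol is skipped because her risk is already remediated.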
Oort’s Identity Threat Detection and Response (ITDR) platform now supports integration with Azure AD Identity Protection to consume a user’s risk information and events, helping to provide broader context for your identity and access management (IAM) program. By bringing risk-level changes into Oort’s platform, organizations can correlate identity risk across other IAM, human resource information system (HRIS), and SaaS signals to kick off remediation workflows that help respond to a potential identity threat. For more information, visit https://oort.io/integrations/.
https://www.redvector.ai/platforms/fulcrum.html assesses the trust level of individuals based on a broad set of contextual, human behavioral, and information technology activities. In support of a Zero Trust strategy, Fulcrum now supports integration with Azure AD Identity Protection to enhance its user risk evaluation, thus allowing Fulcrum to develop a more robust and accurate trust level for the individual.
Tanium now integrates with Azure AD Identity Protection to help IT and security teams make enhanced Conditional Access decisions based on an extensive, highly flexible set of real-time device data from Tanium. Customers can deny access to non-compliant or high-risk devices and take advantage of Tanium's extensive remediation capabilities to quickly address a device's compliance or other security gaps. To learn more, visit https://www.tanium.com/partners/microsoft.
Azure AD External Identities
Supporting the full extent of our customers’ Identity and Access Management needs is core to our mission. With our Azure AD External Identities products, independent software vendors have integrated and built solutions on top of our platform to enable secure and flexible solutions for authentication against your developed applications.
Azure AD B2C developers can now work with our custom policies experience to build sophisticated authentication experiences in a graphical editor by leveraging https://www.gritiam.com/iefeditor. The IEF editor is a flowchart-based visual editor designed to let developers compose authentication user journeys. Authentication elements can be dragged and dropped and then customized within the editor.
New pre-integrated applications available in Azure AD Gallery
Finally, we continue to add more pre-integrated apps in our https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/tutorial-list. We’ve added apps that support both federated https://youtu.be/7SU5S0WtNNk, https://youtu.be/k2_fk7BY8Ow, https://aka.ms/b2cisv, and https://aka.ms/verifiedidisv. These pre-built integrations make it easier for IT Admins to configure, manage, and secure the applications you use with Azure AD. Independent software vendors can publish an application to https://www.youtube.com/watch?v=MHXm6Jwozm0 by following the instructions https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/v2-howto-app-gallery-listing. Some notable additions to our Azure AD app gallery include:
Figure 1: New notable integration
We appreciate the collaboration across the security ecosystem and look forward to more integrations in the future. Reach out to me on Twitter https://twitter.com/Sue_Bohn to share ideas or leave comments below.
Best regards,
Sue Bohn
Vice President of Product Management
Microsoft Identity Division
Twitter: https://twitter.com/Sue_Bohn
Learn more about Microsoft identity:
- Join the conversation on https://twitter.com/azuread/status/1278418103903363074 and https://www.linkedin.com/showcase/microsoft-security/
- Share product suggestions on the https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789