I am excited to share with you new guidance within our public documentation. This guidance is tailored to help you meet government and industry identity requirements using Azure Active Directory. Microsoft documents how we as a company meet many of these standards. While you can leverage our compliance, there are often “shared responsibilities” beyond what Microsoft accreditation provides. This new prescriptive guidance is designed to help you meet these identity requirements using Azure Active Directory. You can also check out the guides for cloud and Zero Trust modernization from Microsoft Federal: Mapping the Cybersecurity Executive Order Milestones”.
Many US federal agencies as well as cloud solution providers (CSPs) delivering cloud services to these agencies must meet requirements of the FedRAMP program. We anchored our guidance around the FedRAMP High baseline to cover the most stringent set of identify related controls. This approach allows customers who need to adhere to lower FedRAMP baselines to use this guidance as well.
US Government agencies will soon be required to have fully adopted multifactor authentication. Check out our resources to Enable MFA in your organization to verify explicitly as part of your Zero Trust approach.
We would love to hear more from all of you on what standards, regulations, or other compliance frameworks with identity requirements you would like to meet with Azure Active Directory. We will continue to review standards, regulations, or other compliance frameworks and where appropriate, produce guidance to help our customers meet their identity requirements using Azure Active Directory.