Blog Post

Microsoft Entra Blog
6 MIN READ

New Azure Active Directory integrations that strengthen your security

Sue Bohn's avatar
Sue Bohn
Icon for Microsoft rankMicrosoft
Oct 13, 2022

I’m always excited to share the great work our Azure Active Directory (Azure AD) Alliances team has been doing. Leading up to Microsoft Ignite this year, the team has been hard at work collaborating with a wide range of technology vendors to extend our Azure AD capabilities and give our customers more options to be secure. As you will see below, these integrations support both new and existing business critical motions, including certificate-based authentication, Zero Trust, external identities, and more.

 

Supporting phishing-resistant authentication

Supporting phishing-resistant authentication methods is core to our mission to protect users against account compromise. In her earlier Ignite session, Joy Chik, President of Identity and Network Access, announced that certificate-based authentication (CBA) is generally available in Microsoft Entra, along with Conditional Access Authentication Strength public preview. These vendors have integrated with Azure AD to enable secure and phishing-resistant options for authentication.

 

 

 

Axiad Cloud automates the provisioning of a wide range of multifactor authentication credentials with Azure AD, including CBA with public key infrastructure (PKI), without requiring any on-premises dependencies. This makes it easier for Microsoft users to move to the cloud from on-prem solutions. To learn more about Axiad’s support of Azure Active Directory, visit the Azure Marketplace or our upcoming webinar.

 

 

 

HID and Azure Active Directory (Azure AD) Certificate-Based Authentication (CBA) enable the tens of millions of identities already leveraging x.509 (PKI) digital certificates to natively authenticate to Azure AD and any applications protected by it. This integration makes certificate-based authentication easier to deploy while simplifying remote management of credential lifecycles.

 

 

 

Based on configuration as code, Simeon Cloud allows administrators to enforce multifactor authentication (MFA) with Conditional Access policies in all tenants easily. Simeon’s software allows administrators to deploy policies centrally, monitor changes, and view policy compliance holistically across all the tenants.

 

 

 

 

 

 

With the new Azure AD cloud-native CBA support, Microsoft customers can use X.509 certificate-based Tokens, Smart cards, and FIDO2 devices provided by MISA member Thales Group. By supporting multiple-use cases in one single device, Thales allows organizations to extend high assurance access to the cloud while building on their existing environments.

 

 

 

With General Availability of Azure AD CBA, Azure AD customers can bring their public key infrastructure (PKI) to Azure AD and allow users with smart card certificates secured with YubiKeys to sign into Azure AD-protected Windows workstations and applications. Additionally, Microsoft’s new Conditional Access Authentication Strength capability will enable organizations to deploy policies that require users to use phishing-resistant authentication, and they can do so with a YubiKey.

 

 

 

Supporting our customers’ Zero Trust journey

One of our top requests from customers is to help them adopt a Zero Trust strategy. We've spent years building our Zero Trust approach internally at Microsoft, and by working together with vendors, we expanded the available integrations to organizations to support their own Zero Trust journey while continuing to get value from Microsoft Entra.

 

Support explicit verification for legacy applications

Many business applications were created to work in a protected corporate network and may use legacy authentication methods. As you can see from the following integrations, independent software vendors can create Secure Hybrid Access solutions that connect apps to Azure AD and provide modern authentication solutions for legacy applications.

 

 

 

Cloudflare has completed Azure AD and B2C integrations and is now a member of Secure Hybrid Access Partnerships. This integration helps our customers achieve advanced security for legacy and Azure-hosted applications by securing web applications and safeguarding employees with identity and device protections. Cloudflare’s deep relationship with Microsoft helps organizations seamlessly enhance their Enterprise security and take the next step in their Zero Trust journey.

 

 

 

Microsoft and Datawiza collaborated to provide new integration with Microsoft 365 that allows businesses to deploy multifactor authentication (MFA) for mission-critical Oracle business applications. In just a few minutes, without coding, Datawiza can be deployed and configured and begin requiring MFA, as well as single sign-on (SSO) and Conditional Access, to log into any application – from Oracle applications to homegrown applications to open-source tools.

 

 

 

Enforcing least-privilege for non-human identities

It’s important to monitor and limit access for non-human identities, such as apps and services that are running without signed-in users. Independent software vendors can help expand the toolset we have available for customers to manage access of non-human identities.

 

 

 

By utilizing Microsoft Graph APIs and Azure AD audit logs, Valence helps customers enforce the Zero Trust principle of least-privilege by correlating multiple data sources to provide one viewpoint into the enterprise applications, service principals, OAuth tokens, and APIs that have access to Microsoft’s SaaS services. Valence is now available in the Azure AD app gallery, along with a tutorial for integrating it with your Azure AD tenant. Learn more about this integration on their blog.

 

 

 

Assume breach and evaluate identity risk

Evaluating identity risk is a critical component to a modern Zero Trust architecture. Azure AD Identity Protection calculates identity risk from over 20+ real-time and offline detections and assigns a risk level, enabling the organization to apply Conditional Access policy to block or limit sign-in. Vendors are able to extend this risk-evaluation capability to their solutions using the Microsoft Graph identity protection APIs.

 

 

 

Oort’s Identity Threat Detection and Response (ITDR) platform now supports integration with Azure AD Identity Protection to consume a user’s risk information and events, helping to provide broader context of your identity and access management (IAM) program. By bringing risk-level changes into the Oort’s platform, organizations can correlate identity risk across other IAM, human resource information system (HRIS), and SaaS signals to kick off remediation workflows to help respond to a potential identity threat. For more information visit https://oort.io/integrations/.

 

 

 

Red Vector’s Fulcrum platform assesses the trust level of individuals based on a broad set of contextual, human behavioral, and information technology activities. In support of a Zero Trust strategy, Fulcrum now supports integration with Azure AD Identity Protection to enhance its user risk evaluation, thus allowing Fulcrum to develop a more robust and accurate trust level for the individual.

 

 

 

 

Tanium now integrates with Azure AD Identity Protection to help IT and security teams make enhanced conditional access decisions based on an extensive, highly flexible set of real-time device data from Tanium. Customers can deny access to non-compliant or high-risk devices and take advantage of Tanium's extensive remediation capabilities to quickly address a device's compliance or other security gaps. To learn more visit https://www.tanium.com/partners/microsoft.

 

 

 

Azure AD External Identities

Supporting the full extent of our customers’ Identity and Access Management needs is core to our mission. With our Azure AD External Identities products, independent software vendors have integrated and built solutions on top of our platform to enable secure and flexible solutions for authentication against your developed applications.

 

 

 

Azure AD B2C developers can now work with our custom policies experience to develop sophisticated authentication experiences in a GUI experience by leveraging Grit Software Systems IEF editor. The IEF editor is a flowchart-based visual editor designed to allow developers to compose authentication user journeys. The solution allows authentication elements to be drag-and-dropped while also being customized within the editor experience.

 

 

 

New pre-integrated applications available in Azure AD Gallery

Finally, we continue to add more pre-integrated apps in our Azure AD App gallery. We’ve added apps that support both federated single sign-on (SSO), provisioning connectors, B2C, and Verified ID. These pre-built integrations make it easier for IT Admins to configure, manage, and secure the applications you use with Azure AD. Independent software vendors can publish an application to Azure AD Gallery by following the instructions here. Some notable additions to our Azure AD app gallery include:

 

 

Figure 1: New notable integration

 

 

 

We appreciate the collaboration across the security ecosystem and look forward to more integrations in the future. Reach out to me on Twitter @Sue_Bohn to share ideas or leave comments below.

 

Best regards,

Sue Bohn

Vice President of Product Management

Microsoft Identity Division

Twitter: @Sue_Bohn

 

 

 

Learn more about Microsoft identity:

Updated Oct 16, 2022
Version 4.0