I’m always excited to share the great work our Azure Active Directory (Azure AD) Alliances team has been doing. Leading up to Microsoft Ignite this year, the team has been hard at work collaborating with a wide range of technology vendors to extend our Azure AD capabilities and give our customers more options to be secure. As you will see below, these integrations support both new and existing business critical motions, including certificate-based authentication, Zero Trust, external identities, and more.
Supporting phishing-resistant authentication
Supporting phishing-resistant authentication methods is core to our mission to protect users against account compromise. In her earlier Ignite session, Joy Chik, President of Identity and Network Access, announced that certificate-based authentication (CBA) is generally available in Microsoft Entra, along with Conditional Access Authentication Strength public preview. These vendors have integrated with Azure AD to enable secure and phishing-resistant options for authentication.
Axiad Cloud automates the provisioning of a wide range of multifactor authentication credentials with Azure AD, including CBA with public key infrastructure (PKI), without requiring any on-premises dependencies. This makes it easier for Microsoft users to move to the cloud from on-prem solutions. To learn more about Axiad’s support of Azure Active Directory, visit the Azure Marketplace or our upcoming webinar.
Based on configuration as code, Simeon Cloud allows administrators to enforce multifactor authentication (MFA) with Conditional Access policies in all tenants easily. Simeon’s software allows administrators to deploy policies centrally, monitor changes, and view policy compliance holistically across all the tenants.
With General Availability of Azure AD CBA, Azure AD customers can bring their public key infrastructure (PKI) to Azure AD and allow users with smart card certificates secured with YubiKeys to sign into Azure AD-protected Windows workstations and applications. Additionally, Microsoft’s new Conditional Access Authentication Strength capability will enable organizations to deploy policies that require users to use phishing-resistant authentication, and they can do so with a YubiKey.
Supporting our customers’ Zero Trust journey
One of our top requests from customers is to help them adopt a Zero Trust strategy. We've spent years building our Zero Trust approach internally at Microsoft, and by working together with vendors, we expanded the available integrations to organizations to support their own Zero Trust journey while continuing to get value from Microsoft Entra.
Support explicit verification for legacy applications
Many business applications were created to work in a protected corporate network and may use legacy authentication methods. As you can see from the following integrations, independent software vendors can create Secure Hybrid Access solutions that connect apps to Azure AD and provide modern authentication solutions for legacy applications.
Enforcing least-privilege for non-human identities
It’s important to monitor and limit access for non-human identities, such as apps and services that are running without signed-in users. Independent software vendors can help expand the toolset we have available for customers to manage access of non-human identities.
By utilizing Microsoft Graph APIs and Azure AD audit logs, Valence helps customers enforce the Zero Trust principle of least-privilege by correlating multiple data sources to provide one viewpoint into the enterprise applications, service principals, OAuth tokens, and APIs that have access to Microsoft’s SaaS services. Valence is now available in the Azure AD app gallery, along with a tutorial for integrating it with your Azure AD tenant. Learn more about this integration on their blog.
Oort’s Identity Threat Detection and Response (ITDR) platform now supports integration with Azure AD Identity Protection to consume a user’s risk information and events, helping to provide broader context of your identity and access management (IAM) program. By bringing risk-level changes into Oort’s platform, organizations can correlate identity risk across other IAM, human resource information system (HRIS), and SaaS signals to kick off remediation workflows to help respond to a potential identity threat. For more information visit https://oort.io/integrations/.
Red Vector’s Fulcrum platform assesses the trust level of individuals based on a broad set of contextual, human behavioral, and information technology activities. In support of a Zero Trust strategy, Fulcrum now supports integration with Azure AD Identity Protection to enhance its user risk evaluation, thus allowing Fulcrum to develop a more robust and accurate trust level for the individual.
Tanium now integrates with Azure AD Identity Protection to help IT and security teams make enhanced conditional access decisions based on an extensive, highly flexible set of real-time device data from Tanium. Customers can deny access to non-compliant or high-risk devices and take advantage of Tanium's extensive remediation capabilities to quickly address a device's compliance or other security gaps. To learn more visit https://www.tanium.com/partners/microsoft.
Azure AD External Identities
Supporting the full extent of our customers’ Identity and Access Management needs is core to our mission. With our Azure AD External Identities products, independent software vendors have integrated and built solutions on top of our platform to enable secure and flexible solutions for authentication against your developed applications.
Azure AD B2C developers can now work with our custom policies experience to develop sophisticated authentication experiences in a GUI experience by leveraging Grit Software Systems IEF editor. The IEF editor is a flowchart-based visual editor designed to allow developers to compose authentication user journeys. The solution allows authentication elements to be drag-and-dropped while also being customized within the editor experience.
New pre-integrated applications available in Azure AD Gallery
Finally, we continue to add more pre-integrated apps in our Azure AD App gallery. We’ve added apps that support federated single sign-on (SSO), provisioning connectors, B2C, and Verified ID. These pre-built integrations make it easier for IT Admins to configure, manage, and secure the applications you use with Azure AD. Independent software vendors can publish an application to Azure AD Gallery by following the instructions here. Some notable additions to our Azure AD app gallery include:
Figure 1: New notable integration
We appreciate the collaboration across the security ecosystem and look forward to more integrations in the future. Reach out to me on Twitter @Sue_Bohn to share ideas or leave comments below.