Microsoft Simplifies Identity Management with Azure Active Directory Certificate-Based Authentication
Microsoft has announced some important updates for Azure Active Directory customers. The company says that the new Azure Active Directory certificate-based authentication (Azure AD CBA) service is now available in public preview for all commercial and US Government cloud customers.
Previously, Azure Active Directory customers had to implement a federated certificate-based authentication mechanism. However, some hackers exploited this federated mechanism last year to launch espionage attacks against several organizations worldwide. The company says that the CBA feature helps organizations reduce complexity and infrastructure costs by eliminating the need to use Active Directory Federation Services (AD FS).
“Azure AD certificate-based authentication (CBA) enables customers to allow or require users to authenticate with X.509 certificates against their Azure Active Directory (Azure AD) for applications and browser sign-in. This feature enables customers to adopt a phishing resistant authentication and authenticate with an X.509 certificate against their Enterprise Public Key Infrastructure (PKI),” Microsoft explained in a support document.
Azure Active Directory certificate-based authentication reduces the cost and management overhead
Microsoft highlighted that this new Azure AD CBA support brings a couple of benefits for organizations. First of all, the feature enables customers to reduce the cost and management overhead that was previously associated with complex network configurations and on-premises federation infrastructure deployments. Moreover, it helps to improve security by allowing customers to “directly authenticate against Azure AD.” The Azure AD CBA service also provides seamless integration with Conditional Access features, including Multi-Factor Authentication.
The certificate-based authentication (CBA) preview is currently available for free for all enterprise customers, and it doesn’t require any paid Azure AD subscriptions. To get started, we invite you to check out the technical deep dive for Azure AD CBA.
Meanwhile, Microsoft is also planning to bring several new security capabilities such as “Windows smart card logon, CBA as a second factor of authentication, removal of limits on trusted issuer list, and Certificate Revocation List (CRL).”