Microsoft Simplifies Identity Management with Azure Active Directory Certificate-Based Authentication
Microsoft has announced some important updates for Azure Active Directory customers. The company says that the new Azure Active Directory certificate-based authentication (Azure AD CBA) service is now available in public preview for all commercial and US Government cloud customers.
Previously, Azure Active Directory customers had to implement a federated certificate-based authentication mechanism. However, some hackers exploited this feature last year to launch espionage attacks against several organizations worldwide. The company says that the CBA feature helps organizations reduce complexity and infrastructure costs by eliminating the need for Active Directory Federation Services (AD FS).
“Azure AD certificate-based authentication (CBA) enables customers to allow or require users to authenticate with X.509 certificates against their Azure Active Directory (Azure AD) for applications and browser sign-in. This feature enables customers to adopt a phishing resistant authentication and authenticate with an X.509 certificate against their Enterprise Public Key Infrastructure (PKI),” Microsoft explained in a support document.
Azure Active Directory certificate-based authentication reduces the cost and management overhead
Microsoft highlighted that this new Azure AD CBA support brings a couple of benefits for organizations. First of all, the feature enables customers to reduce the cost and management overhead that was previously associated with complex network configurations and on-premises federation infrastructure deployments. Moreover, it helps to improve security by allowing customers to “directly authenticate against Azure AD.” The Azure AD CBA service also provides seamless integration with Conditional Access features, including Multi-Factor Authentication.
The certificate-based authentication (CBA) preview is currently available for free for all enterprise customers, and it doesn’t require any paid Azure AD subscriptions. To get started, we invite you to check out the technical deep dive for Azure AD CBA.
Meanwhile, Microsoft is also planning to bring several new security capabilities such as “Windows smart card logon, CBA as a second factor of authentication, removal of limits on trusted issuer list, and Certificate Revocation List (CRL).”