Microsoft Simplifies Identity Management with Azure Active Directory Certificate-Based Authentication
Microsoft has announced some important updates for Azure Active Directory customers. The company says that the new Azure Active Directory certificate-based authentication (Azure AD CBA) service is now available in public preview for all commercial and US Government cloud customers.
Previously, Azure Active Directory customers had to implement a federated certificate-based authentication mechanism. However, some hackers exploited this feature last year to launch espionage attacks against several organizations worldwide. The company says that the CBA feature helps organizations reduce complexity and infrastructure costs by eliminating the need to use the Active Directory Federation Services (AD FS).
“Azure AD certificate-based authentication (CBA) enables customers to allow or require users to authenticate with X.509 certificates against their Azure Active Directory (Azure AD) for applications and browser sign-in. This feature enables customers to adopt a phishing resistant authentication and authenticate with an X.509 certificate against their Enterprise Public Key Infrastructure (PKI),” Microsoft explained in a support document.
Azure Active Directory certificate-based authentication reduces the cost and management overhead
Microsoft highlighted that this new Azure AD CBA support brings a couple of benefits for organizations. First of all, the feature enables customers to reduce the cost and management overhead that was previously associated with complex network configurations and on-premises federation infrastructure deployments. Moreover, it helps to improve security by allowing customers to “directly authenticate against Azure AD.” The Azure AD CBA service also provides seamless integration with Conditional Access features, including Multi-Factor Authentication.
The certificate-based authentication (CBA) preview is currently available for free for all enterprise customers, and it doesn’t require any paid Azure AD subscriptions. To get started, we invite you to check out the technical deep dive for Azure AD CBA.
Meanwhile, Microsoft is also planning to bring several new security capabilities such as “Windows smart card logon, CBA as a second factor of authentication, removal of limits on trusted issuer list, and Certificate Revocation List (CRL).”
More in Azure Active Directory
Microsoft Now Lets IT Admins Review & Remove Inactive Azure AD Users
May 27, 2022 | Rabia Noureen
Microsoft's Azure AD Conditional Access Service Can Now Require Reauthentication
May 13, 2022 | Rabia Noureen
Microsoft's Update Compliance Service Will Soon Require Azure AD
May 4, 2022 | Rabia Noureen
Azure Container Apps Add Built-In Authentication Support in Preview
Apr 28, 2022 | Rabia Noureen
Microsoft Simplifies IT Monitoring with New Azure Managed Grafana Service
Apr 19, 2022 | Rabia Noureen
Microsoft Rolls Out Dynamic Administrative Units Support for Azure AD
Apr 18, 2022 | Rabia Noureen
Most popular on petri