Microsoft has announced some important updates for Azure Active Directory customers. The company says that the new Azure Active Directory certificate-based authentication (Azure AD CBA) service is now available in public preview for all commercial and US Government cloud customers.
Previously, Azure Active Directory customers had to implement a federated certificate-based authentication mechanism. However, some hackers exploited that federated mechanism last year to launch espionage attacks against several organizations worldwide. The company says that the CBA feature helps organizations reduce complexity and infrastructure costs by eliminating the need to use Active Directory Federation Services (AD FS).
“Azure AD certificate-based authentication (CBA) enables customers to allow or require users to authenticate with X.509 certificates against their Azure Active Directory (Azure AD) for applications and browser sign-in. This feature enables customers to adopt a phishing resistant authentication and authenticate with an X.509 certificate against their Enterprise Public Key Infrastructure (PKI),” Microsoft explained in a support document.
Microsoft highlighted that this new Azure AD CBA support brings a couple of benefits for organizations. First of all, the feature enables customers to reduce the cost and management overhead that was previously associated with complex network configurations and on-premises federation infrastructure deployments. Moreover, it helps to improve security by allowing customers to “directly authenticate against Azure AD.” The Azure AD CBA service also provides seamless integration with Conditional Access features, including Multi-Factor Authentication.
The certificate-based authentication (CBA) preview is currently available for free for all enterprise customers, and it doesn’t require any paid Azure AD subscriptions. To get started, we invite you to check out the technical deep dive for Azure AD CBA.
Meanwhile, Microsoft is also planning to add several new security capabilities, such as “Windows smart card logon, CBA as a second factor of authentication, removal of limits on trusted issuer list, and Certificate Revocation List (CRL).”