Microsoft announced the public preview of Azure Active Directory Certificate-Based Authentication (CBA) back in February. Now, the software giant has released some enhancements for the new service based on customer feedback.
Certificate-based authentication (CBA) is a robust service that lets organizations validate a user’s identity with X.509 certificates against Azure Active Directory (Azure AD). It eliminates the need to use a federation service, like the Active Directory Federation Service (ADFS). This helps to simplify management and reduce infrastructure costs in enterprise environments.
Microsoft has added a new Azure portal experience that makes it easier to configure certificate authorities. Instead of using PowerShell, IT Pros can now use the Azure Portal to upload certificate authorities to Azure AD, view them, and delete invalid CAs. The portal also shows the validity of these CA certificates at a glance.
Microsoft has added a new feature that lets users authenticate on Windows 11 22H2 PCs via X.509 certificates on smartcards. This release provides joined or hybrid-joined devices with single sign-on access to all Azure AD integrated apps. Microsoft also plans to bring this feature to all Windows 10 and Windows Server machines in upcoming releases.
The latest Azure AD CBA update also brings support for certificates provisioned on users’ iOS and Android devices. This capability is currently available for native browsers and select Microsoft apps, including Microsoft Teams, OneDrive, Outlook, the Office mobile apps, the Azure Information Protection app, and the Microsoft Intune Company Portal, among others.
Microsoft is working to bring more features to its Azure AD CBA service in the future, including support for external smart cards on mobile devices and non-routable UPNs. The Azure AD CBA service is available for free for all Azure AD customers. If you’re interested, you can learn more about the prerequisites and configuration details on this support page.