Microsoft To Expand Support for Partner-Built MFA in Azure AD

Microsoft recently suggested that it plans to improve the ability of organizations to use non-Microsoft ("third-party") multifactor authentication (MFA) solutions with the Microsoft Azure AD service.

MFA is a security precaution that requires an additional means of verifying a user's identity besides a password, typically by making the user enter a PIN or respond to an automated phone call.

Customers have told Microsoft that its current support for partner-built MFA solutions is "too limited," explained Alex Simons, corporate vice president of the Microsoft Identity Division. The current support itself is a preview where Microsoft extends "Conditional Access through custom controls," but that approach will get replaced, according to Simons.

"We are planning to replace the current preview with an approach which will allow partner-provided authentication capabilities to work seamlessly with the Azure AD administrator and end user experiences. Today, partner MFA solutions can only function after a password has been entered, don't serve as MFA for step-up authentication on other key scenarios, and don't integrate with end user or administrative credential management functions," Simons said.

"The new implementation will allow partner-provided authentication factors to work alongside built-in factors for key scenarios including registration, usage, MFA claims, step-up authentication, reporting, and logging."

Microsoft isn't saying when this new approach to supporting partner MFA solutions on Azure AD will arrive.

In the meantime, it'll continue to offer the old preview approach until the new design reaches "general availability" commercial release, Simons indicated.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
