Microsoft introduces new authentication recommendation engine for Entra

Microsoft is not entirely happy with how companies are using its identity and access management product line for enterprise clients Microsoft Entra. For many years, the tech giant has been trying to get its customers to introduce multi-factor authentication. But the adoption rates have been very low as workers are not particularly interested in adding more steps to their workflow.

The tech giant has now come up with a new solution. Customers of Microsoft Entra will be automatically enrolled into Microsoft Entra Conditional Access so-called “intelligent policy engine.” The engine gives recommendations on security settings.

The idea is to help customers figure out how to have more granular control over authentication and access, Alex Weinert, Microsoft’s Vice President for Identity Security writes in a blog post published this week.

“They’ve told us they want a clear policy recommendation that’s easy to deploy but still customizable to their specific needs. And that’s exactly what we’re providing with Microsoft-managed Conditional Access policies,” says Weinert.

Microsoft Entra, formerly known as Azure Active Directory, offers several authentication methods including passwordless solutions such as biometrics. It currently works with several biometric identity verification partners, including Jumio, Au10tix, Onfido, Idemia and more.

Microsoft Entra Conditional Access policy engine will use machine learning to automatically protect individual customers based on risk signals, licensing and usage. The system will analyze real-time signals such as user context, device, location and session risk to determine when to allow, block and limit access, or when to require additional verification steps.

The engine will start a gradual rollout next week and will give organizations 90 days to review, customize, or disable them before they turn policies on.

Microsoft says it is introducing the new product because it doesn’t want to see companies get hacked. The uptake of multifactor authentication among enterprise clients has been so sluggish that the firm decided to roll out on-by-default multi-factor authentication, called “security defaults,” which was applied to all new organizations. The company’s goal, however, is to reach 100 percent multifactor authentication, according to Weinert.

In October, Microsoft enabled customers with Entra ID-joined Windows 11 devices to switch over to passwordless authentications using a new policy option, according to Redmondmag, a blog focused on Microsoft products.

In April this year, LinkedIn and Microsoft Entra rolled out an integration that allows people with LinkedIn profiles to verify where they work online with Entra’s Verified ID. The product added Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) to the Microsoft ecosystem last year.

Article Topics

biometric authentication  |  biometrics  |  enterprise  |  identity access management (IAM)  |  Microsoft  |  Microsoft Entra  |  passwordless authentication