Microsoft Azure AD Adopts Certificate Based Authentication

Date: 2022-02-21
Author: Anders Adolfsson, vSEC:CMS Product Manager


Last Monday, Microsoft Corporation announced a public preview of Azure Active Directory certificate-based authentication (CBA), now known as Azure AD CBA. The federated identity provider (IdP) ADFS is no longer required. With Azure AD CBA, Microsoft Azure customers will be able to authenticate directly against Azure AD with an X.509 certificate from their Enterprise Public Key Infrastructure (PKI). Removing the federated identity provider simplifies the system architecture, which not only saves costs but also helps combat security threats and incidents.

Using vSEC:CMS you can now easily issue enterprise PKI credentials that can be used to authenticate to Azure AD - a feature that has long been requested by Versasec’s customers.

Just seven months after Microsoft announced an investment goal of USD $20 billion as part of its commitment to the US Cybersecurity Executive Order, and as one of the items at the top of its list, Microsoft is allowing users to access commercial and U.S. Government clouds through certificate-based management. At the public preview, Vimala Ranganathan, Product Manager on the Identity Security team at Microsoft, mentioned four key benefits of implementing CBA:

  • Higher security, considering that the majority of identity attacks are related to passwords
  • Easily meet Executive Order 14028 requirements for phish-resistant MFA
  • Eliminate costs and risks associated with on-premises federation infrastructure
  • Simplified management experience in Azure AD with granular controls

Multi-Factor Authentication

“Strong PKI authentication provides verifiable security by complying with various security regulations in the market. This provides users with a strong level of trust in the industry. It enables organizations to use applications easily and ensure their data is secured and compliant with security regulations around the globe,” states Technical Leader of Versasec, John Asan. Versasec’s software is a strong participant in the movement towards zero trust ecosystems and a leader in credential management systems.

Compared to other multi-factor authentication (MFA) options, Public Key Infrastructure (PKI) combined with a Credential Management System (CMS) gives companies and organizations enterprise management of the MFA device (smart cards, USB tokens and virtual smart cards), which allows for:

  • Remote issuance
  • PIN management
  • Self-issuance
  • Revocation
  • Multiple use cases with the same credential
  • Batch enrollment
  • Industry standardized proven architecture
  • Cloud-native, hybrid or on-premises deployment

vSEC:CMS for Managing PKI Credentials

Versasec’s Credential Management System vSEC:CMS offers a new approach for managing physical and virtual credentials. Our flagship product empowers organizations of all sizes to deploy and manage credentials quickly and efficiently. The client/server-based system streamlines all aspects of credential management by easily connecting to enterprise directories, certificate authorities, smart card printers, external databases, physical access control systems, and more. Its PKI capabilities let companies take advantage of powerful applications that demand the highest level of security.

“We are very pleased that Microsoft is moving forward with the preview of CBA in AAD. We see great interest in certificate based authentication and a demand in lifecycle management solutions. This is a more enterprise-friendly and scalable solution than the previous ADFS setup,” Joakim Thorén, CEO of Versasec, responded to the preview of CBA in AAD.

To learn more about certificate-based authentication, our credential management system, zero trust, PKI, MFA and how Versasec can help, please reach out to us for a conversation.
