Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft announced a plan for change regarding Azure MFA.
Microsoft is planning to replace the current Custom controls (preview) in Conditional Access with an approach that allows partner-provided authentication capabilities to work seamlessly with the Azure Active Directory administrator and end user experiences.
What’s the experience today
Custom controls in Conditional Access are in Public Preview since December 17, 2018. This functionality gives organizations the ability to integrate 3rd-party services as controls in Conditional Access, including MFA services from RSA, Duo Security, Trusona and SecureAuth:
Today, 3rd-party MFA solutions face the following limitations:
- They work only after a password has been entered
- They don’t serve as MFA for step-up authentication in other key scenarios
- They don’t integrate with end user or administrative credential management functions
Today, 3rd-party MFA partner integration is a feature that requires Azure AD Premium P1 subscription licenses.
The new implementation will allow partner-provided authentication factors to work alongside built-in factors for key scenarios, including:
- MFA claims
- Step-up authentication
Custom controls will continue to be supported in Public Preview alongside the new design until the new design reaches General Availability. At that point, Microsoft will give organizations time to migrate to the new design.
What this means
Starting with this announced preview, organizations can use their existing 3rd-party MFA investments with Azure Active Directory. When the functionality reaches General Availability, they can use 3rd-party MFA in production for far more scenario’s than they can currently.
There is currently no information on changes in licensing for the functionality. During the preview phase, it is safe to assume the license requirements remain the same.