Microsoft has announced a significant enhancement to its Entra ID platform, introducing FIDO2-standard provisioning application programming interfaces (APIs) that strengthen phishing-resistant security measures through mandated multi-factor authentication (MFA) for Azure users.
This allows organisations to create or use alternative administrator-led provisioning clients for setting up hardware security keys, such as YubiKeys.
The new feature addresses a long-standing gap in security protocols, particularly for diverse multinational entities and government agencies.
Previously, organisations were limited to requiring users to register their own security keys, often necessitating the use of potentially vulnerable authentication methods like Temporary Access Passes during the registration process.
"Phishing-resistant multi-factor MFA is a critical component to a healthy and secure cybersecurity practice for any organisation," Natee Pretikul, principal product management lead at Microsoft Security, said.
This update follows Microsoft's recent mandate that all Azure users employ multi-factor authentication.
The company has been working closely with Yubico, which makes hardware security keys, to develop these new APIs.
Yubico has ensured that YubiKey provisioning integrates smoothly with this release and has shared a GitHub project demonstrating how customers can leverage the new Microsoft Graph APIs.
The collaboration between Microsoft and Yubico aims to provide a seamless, robust solution that not only enhances security but also simplifies the user experience.
YubiKeys offer strong two-factor, multi-factor, and passwordless authentication options, providing a defence against account takeovers across the Microsoft ecosystem.