Microsoft Entra ID: Support for MFA by third-party providers (Preview May 2024)

A small addendum that has been pending since the beginning of May 2024: Microsoft Entra ID now supports third-party MFA providers such as RSA, Duo, Ping and others. Microsoft announced this back in early May 2024 in a Tech Community post. The feature is still in preview and has been available since mid-May 2024. There is also an article on how MFA logs help to detect attacks.



Support for MFA from third-party providers

I came across this information via various tweets. The following tweet by Alex Simons refers to the Techcommunity article Public preview: External authentication methods in Microsoft Entra ID.

Microsoft Entra ID MFA Support

Microsoft has implemented external authentication methods in Microsoft Entra ID, which should be available by now. This feature is intended to enable administrators to use their preferred multifactor authentication (MFA) solution in Entra ID. The use of MFA is the most important step in securing user identities, writes Microsoft.

A study by Microsoft Research on the effectiveness of MFA has shown that using MFA reduces the risk of compromise by more than 99.2%! Some organizations have already implemented MFA and want to reuse this MFA solution with Entra ID.

External authentication methods allow organizations to reuse any MFA solution to meet MFA requirements with Entra ID. The feature is still in preview; the details can be found in the relevant blog post.



Evaluate MFA logs

Threat actors are constantly looking for ways to compromise cloud accounts in order to access sensitive data. One of the common and highly effective methods attackers use is to change the multi-factor authentication (MFA) properties for users in compromised tenants. This allows the attacker to fulfill MFA requirements, disable MFA for other users, or enroll new devices for MFA.

Some of these changes can be difficult to detect and monitor as they are usually performed as part of standard help desk processes and can get lost in the noise of other directory activity in the Microsoft Entra audit log.

On May 29, 2024, the addendum Hunting for MFA manipulations in Entra ID tenants using KQL also appeared in the Microsoft Tech Community, with further information on how to evaluate MFA logs. This may be of interest to some administrators.
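The kind of check this section describes, as an added example (not code from this post or from the Microsoft article): it filters audit records down to MFA changes and flags those made by someone other than the account owner or a known help desk identity, plus a method deletion followed shortly by a new enrollment. Field names follow the Microsoft Graph `directoryAudit` record; the users, the `allowed_admins` list and the 30-minute `swap_window` are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Activity names written by the "Authentication Methods" service to the Entra audit log.
MFA_ACTIVITIES = {
    "Admin registered security info", "Admin deleted security info",
    "User registered security info", "User deleted security info",
}

def rec(ts, activity, actor, target, result="success"):
    """Build a constructed record using a subset of the Graph directoryAudit fields."""
    return {"activityDateTime": ts, "activityDisplayName": activity, "result": result,
            "initiatedBy": {"user": {"userPrincipalName": actor}},
            "targetResources": [{"type": "User", "userPrincipalName": target}]}

# Constructed sample data (example.com tenant, hypothetical users).
SAMPLE = [
    rec("2024-05-29T09:00:00Z", "Admin registered security info", "helpdesk@example.com", "alice@example.com"),
    rec("2024-05-29T09:05:00Z", "User registered security info", "bob@example.com", "bob@example.com"),
    rec("2024-05-29T10:00:00Z", "Admin deleted security info", "carol@example.com", "dave@example.com"),
    rec("2024-05-29T10:04:00Z", "Admin registered security info", "carol@example.com", "dave@example.com"),
    rec("2024-05-29T10:06:00Z", "Admin registered security info", "eve@example.com", "alice@example.com", "failure"),
]

def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def hunt(records, allowed_admins=frozenset(), swap_window=timedelta(minutes=30)):
    """Return (rule, actor, target, activity) tuples for successful MFA changes worth review."""
    findings, last_delete = [], {}
    hits = [r for r in records
            if r.get("activityDisplayName") in MFA_ACTIVITIES and r.get("result") == "success"]
    for r in sorted(hits, key=lambda r: parse_ts(r["activityDateTime"])):
        user = (r.get("initiatedBy") or {}).get("user") or {}
        actor = (user.get("userPrincipalName") or "").lower()
        ts, activity = parse_ts(r["activityDateTime"]), r["activityDisplayName"]
        for res in r.get("targetResources") or []:
            target = (res.get("userPrincipalName") or "").lower()
            # Rule 1: change made by someone other than the owner or a known help desk identity.
            if actor != target and actor not in allowed_admins:
                findings.append(("unexpected-actor", actor, target, activity))
            # Rule 2: a method removed and a new one enrolled shortly afterwards.
            if "deleted" in activity:
                last_delete[target] = ts
            elif target in last_delete and ts - last_delete[target] <= swap_window:
                findings.append(("method-swap", actor, target, activity))
    return findings

if __name__ == "__main__":
    for finding in hunt(SAMPLE, allowed_admins={"helpdesk@example.com"}):
        print(finding)
```

Keeping the help desk identities in `allowed_admins` is what separates routine resets from the changes that would otherwise get lost in the noise of other directory activity.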


