Microsoft and RSA Advance Identity Security in the Age of AI
As enterprises navigate the evolving landscape of AI and identity security, two major announcements from the recent RSA conference underscore the need for a more flexible and unified approach. Microsoft and RSA are at the forefront, each unveiling strategies to bolster identity security as AI agents increasingly work alongside human employees.
Entra External MFA Reaches General Availability
At the RSA conference, Microsoft announced the general availability of its external Multi-Factor Authentication (MFA) support in Microsoft Entra ID. This development allows organizations to integrate third-party MFA providers directly into Entra ID, maintaining their existing authentication infrastructure while still leveraging Microsoft’s Conditional Access policies.
This is a significant advancement for companies that have invested in specialized MFA solutions to meet regulatory requirements or manage complex environments. Built on the OpenID Connect (OIDC) standard, external MFA operates within the same admin console as Microsoft’s native methods, offering IT teams a unified interface for all authentication management.
Microsoft emphasizes the importance of MFA, citing research that indicates a 99% reduction in account compromise risk with its use. The external MFA feature extends this protection to organizations outside Microsoft’s ecosystem, ensuring robust security across diverse authentication stacks.
RSA’s Commitment to Securing the AI Workforce
Simultaneously, RSA Security has announced an expanded partnership with Microsoft, focusing on what it calls an “AI workforce.” This initiative is linked to Microsoft’s newly launched Microsoft 365 E7: The Frontier Suite, which includes productivity tools, Microsoft Copilot, Entra identity services, and Agent 365, a governance platform for AI agents.
RSA is positioning its ID Plus offering as an identity trust layer within this platform. The need for such a layer is urgent as AI agents begin executing automated workflows, accessing sensitive data, and operating with privileged access within enterprise systems. Current research indicates that non-human identities outnumber human users by a factor of 17, highlighting the growing importance of securing AI operations.
The ID Plus identity trust layer for the E7 suite encompasses three key areas: highly secure, phishing-resistant authentication for human users; risk intelligence to flag suspicious access attempts; and secure access controls for privileged operations as AI agents take on more autonomous tasks. Additionally, RSA is available as an external MFA provider through Microsoft’s new Entra GA framework, enabling direct integration into Entra configurations.
What It Means for IT Professionals
For IT administrators managing hybrid environments with legacy MFA investments, the general availability of Entra’s external MFA provides a streamlined migration path compared to the legacy custom controls approach it replaces. With the custom controls hiring deadline set for September 2026, planning should begin now.
RSA’s integration with the E7 suite represents a forward-looking approach to identity security. While AI agents as enterprise employees remain an emerging model, the market is rapidly evolving. Gartner predicts that by 2028, 33% of enterprise applications will incorporate agentic AI, up from less than 1% in 2024. Establishing security frameworks to govern these agents, including consistent identity controls that mirror those for human users, will be a critical IT challenge in the near future.
For further details, visit the source link: Here
“`
