Microsoft and RSA Updates Focus on Identity Security in the Age of AI
Recent announcements at the RSA conference underscore a pivotal shift in enterprise identity security strategies. As artificial intelligence (AI) becomes an integral part of the workforce, organizations are called to adopt more flexible and unified identity security measures. Both Microsoft and RSA Security introduced significant updates aimed at bolstering identity security frameworks to accommodate AI agents operating alongside human employees.
Entra External MFA Reaches General Availability
Microsoft’s external Multi-Factor Authentication (MFA) feature is now generally available in Microsoft Entra ID. This development allows organizations to integrate third-party MFA providers directly into Entra ID, leveraging existing authentication infrastructures while still benefiting from Microsoft’s Conditional Access policies.
This advancement is particularly significant for enterprises that have invested in specialized MFA solutions to meet various regulatory requirements or operate in environments where Microsoft’s native MFA solutions are insufficient. Built on the OpenID Connect (OIDC) standard, external MFA is managed within the same admin console as Microsoft’s native methods, offering IT teams a unified interface for authentication management.
Importantly, logins utilizing external MFA are subject to comprehensive policy assessments, including real-time risk evaluations. Microsoft advises that while aligning authentication challenges with business objectives is crucial, overly aggressive re-authentication could inadvertently heighten phishing risks by prompting users to approve challenges without thorough review.
Microsoft’s research indicates a compelling case for wider MFA adoption, revealing that MFA can reduce account compromise risks by over 99%. The external MFA feature extends this protection to organizations whose authentication ecosystems are outside Microsoft’s native framework.
RSA’s Commitment to Securing the AI Workforce
In conjunction with the launch of Microsoft 365 E7: The Frontier Suite, RSA Security announced an expanded partnership with Microsoft. The suite includes Microsoft 365 productivity tools, Microsoft Copilot, Entra identity services, and Agent 365, a governance platform for AI agents. RSA’s ID Plus offering is positioned as an identity trust layer enhancing this platform.
The premise of RSA’s announcement is straightforward yet increasingly critical: as AI agents begin executing automated workflows, accessing sensitive data, and operating with privileged access, identity management systems must extend beyond human users. Research indicates that non-human identities now outnumber human users by a factor of 17.
RSA’s identity trust layer for the E7 suite encompasses three main areas: highly secure, phishing-resistant authentication for human users; risk intelligence for assessing contextual signals to identify suspicious access attempts; and secure access controls for privileged operations as AI agents undertake more autonomous tasks.
Furthermore, RSA confirmed its availability as an external MFA provider through Microsoft’s new GA framework, Entra. This means organizations can seamlessly integrate RSA authentication into Entra configurations via external MFA integration.
Implications for IT Professionals
For administrators managing hybrid environments with legacy MFA investments, Entra’s external MFA GA offers a streamlined migration path, replacing the older custom controls approach. With the Custom Controls hiring deadline set for September 2026, planning should commence immediately.
On RSA’s front, the E7 integration narrative is more forward-looking. While AI agents as enterprise employees represent an emerging model, it’s advancing rapidly, necessitating proactive strategies from identity teams. Gartner predicts that by 2028, 33% of enterprise applications will incorporate agentic AI, a substantial increase from less than 1% in 2024. Establishing security frameworks to govern these agents, including consistent identity controls akin to those for human users, will be a critical IT challenge in the near future.
For more information, visit the source link Here.
“`
