In a company blog, Microsoft announced a public preview of certificate-based authentication (CBA) for Azure Active Directory across commercial and US Government clouds.
As part of our commitment to the US Cybersecurity Executive Order, Azure AD CBA helps Government customers easily meet phishing-resistant MFA authentication using the PIV/CAC cards. Azure AD users can authenticate using X.509 certificates on their smartcards or devices directly against Azure AD for browser and application sign-in.
Key benefits include:
- Higher security with phish resistant certificate-based authentication (the majority of the identity attacks are related to passwords)
- Easily meet the Executive Order 14028 requirements for phish resistant MFA
- Eliminate costs and risks associated with on-premises federation infrastructure
- Simplified management experience in Azure AD with granular controls
Active Directory Federation Services, a software component developed by Microsoft, can run on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries.