Microsoft is positioning itself as a partner in the U.S. government’s push toward a Zero Trust architecture, publishing resources designed to help organizations migrate to the cloud and adopt a Zero Trust framework, and releasing Azure capabilities to help secure cloud environments.
In a new blog, Microsoft outlined several resources, guides, frameworks and more, including the newly released Zero Trust Guidance Center, Microsoft Cybersecurity Reference Architectures and a cybersecurity executive order resource for federal agencies. Those new resources are in addition to existing resources that include cloud adoption guides, Zero Trust plans, multi-factor authentication guides and more.
Microsoft said it will soon release new capabilities to help meet Zero Trust requirements: the ability to enforce phishing-resistant authentication for employees, business partners, and vendors for hybrid and multi-cloud environments, and comprehensive phishing-resistant support, including RDP scenarios.
The company did not reveal any further details about those capabilities, but in a blog, Joy Chik, corporate vice president of Microsoft Identity, pointed to two new Azure Active Directory capabilities, based on customer feedback, designed to help organizations meet the requirements outlined in President Joe Biden’s executive order on cybersecurity.
That includes cross-tenant access settings for external collaboration to give admins more control over how external users access apps and resources. This enables organizations to control how internal users collaborate with external organizations that also use Azure AD, the company says.
The capability is designed to give organizations granular inbound and outbound access control settings that work on a per org, user, group and application basis, the company says. The settings also make it possible for admins to trust security claims, such as Multi-Factor Authentication (MFA), device compliance, and hybrid Azure AD joined devices, from external Azure AD organizations.
Microsoft also announced the public preview of cloud-native certificate-based authentication, which we covered in an article earlier this week. That offering helps customers meet phishing-resistant MFA requirements and move toward passwordless authentication using PIV/CAC cards. Azure AD certificate-based authentication (Azure AD CBA) allows users to authenticate using X.509 certificates on their smartcards or devices directly against Azure AD for browser and application sign-in.
“As a company that has embraced Zero Trust ourselves and supports thousands of organizations around the globe on their Zero Trust journey, Microsoft fully supports the shift to Zero Trust architectures that the Cybersecurity EO urgently calls for,” Chik writes. “We continue to partner closely with the National Institute of Standards and Technology (NIST) to develop implementation guidance by submitting position papers and contributing to communities of interest under the umbrella of the National Cybersecurity Center of Excellence (NCCoE).”