1. Attend my keynote

Alex Simons, Corporate Vice President, Identity Program Management

I’m honored to be delivering a keynote address from 8∶30 AM to 9∶00 AM Mountain Time on Wednesday, June 22, 2022, in the Aurora Ballroom at the convention center. During my “Open Standards and the Identity Trust Fabric” keynote, I’ll share our vision for the future of identity, and highlight critical open standards efforts that will form the foundation of the identity trust fabric we need to secure the hybrid, multicloud, decentralized world of tomorrow.

I don’t want to give too much away but can share a few hints. Expect to hear my thoughts on privacy and portability (they’re a priority!), on cross-cloud (it exists and is important!), and on the ability to secure this new infused world (it’s possible!). And of course, there will be a demo!

2. Check out our Microsoft-sponsored sessions

From left to right: Principal Product Manager David Gregory, Principal Program Manager Ramiro Calderon, Principal Program Manager for Decentralized Identity Ankur Patel, and Senior Product Manager Nick Wryter.

We’re sponsoring a few sessions in the main theater at the conference:

• Microsoft Presents: Upgrade from AD FS to Azure AD cloud auth: We led a session on this topic in 2020. In this 25-minute session, Microsoft Principal Product Manager David Gregory and Microsoft Principal Program Manager Ramiro Calderon will explore how the accelerated digital transformation that started in 2020 exposed the challenges of using on-premises federation servers.
• Faster onboarding with verifiable credentials: In this 15-minute session in Theater 1 on the Expo floor, Microsoft Principal Program Manager for Decentralized Identity Ankur Patel pulls back the curtain on verified ID to reveal a simpler, cost-saving approach to onboarding.  
• Evaluating your identity risks with a comprehensive cloud infrastructure assessment: During this 15-minute session in Theater 2 on the Expo floor, Senior Product Manager Nick Wryter will discuss how a cloud infrastructure assessment and machine learning-based detection can help companies identify top risks across workloads.

3. Enjoy conversations with us

If you’re like us, you’ve missed in-person events like Identiverse. As appreciative as I am of fast-acting planners who took in-person conferences virtual, I’m thrilled to meet face-to-face again—as are the other members of the Microsoft team. We’ll be attending all Identiverse receptions and are excited to meet people who share our interest in identity:

• Welcome reception and Expo Hall Grand Opening—6∶00 PM to 8∶00 PM Mountain Time on Tuesday, June 21, 2022.
• Speaker Reception—8∶00 PM to 9∶00 PM Mountain Time on Tuesday, June 21, 2022.
• Expo Hall Reception—5∶00 PM to 7∶00 PM Mountain Time on Wednesday, June 22, 2022.
• Expo Hall Reception—6∶00 PM to 10∶00 PM Mountain Time on Thursday, June 23, 2022.

Hope to see you at one or more of these networking opportunities!

4. Visit us in Expo Booth #1215

Speaking of how much we enjoy face-to-face conversations, we’ll be in Booth #1215 in the Expo Hall throughout the conference, not far from the VIP meeting lounge. In our booth, you can chat with our solution experts and schedule a private meeting with Microsoft in our hospitality suite. (Complete this form to schedule a meeting with Microsoft executives.)

Curious about Azure Active Directory (Azure AD), part of Microsoft Entra; Microsoft Entra Permissions Management; or Microsoft Entra Verified ID? See these Microsoft identity solutions in action at one of three demo stations in our booth.

5. Attend Microsoft earned sessions

Microsoft will deliver more than a dozen sessions at Identiverse. Topics will include verifiable credentials, OAuth demonstration of proof of possession, the impact of Zero Trust standards, and how novel identity attacks bypass your defenses. Session highlights include:

• Hey FIDO, Meet Passkey!: 5∶30 PM to 5∶55 PM Mountain Time on Tuesday, June 21, 2022—Microsoft Digital Identity Standards Architect Tim Cappalli and Microsoft Senior Program Manager Scott Bingham will introduce the big question: What would it take to rid the world of passwords? They’ll dive deep into the evolving landscape for strong, phishing-resistant authentication and into the security properties that enable passkeys to be used across consumer and enterprise use cases.
• As Diverse as Our Adversaries: The Mandate, Challenges and Opportunities of Diversifying Leadership in Identity: 4∶10 PM to 5∶00 PM Mountain Time on Wednesday, June 22, 2022—Microsoft Director of Identity Security Alexander Weinert and Microsoft Principal Product Manager Nicole Hart will discuss the importance of defenders matching—or even exceeding—the diversity of organizations attacking identity systems. They’ll also talk about the challenges of finding, hiring, and retaining talent and what it means to “go first” as a diverse leader in identity.
• Beg, Borrow, or Steal: MFA Compromise on the Rise: 4∶00 PM to 4∶25 PM Mountain Time on Thursday, June 23, 2022—Microsoft Senior Program Manager Sarah Handler and Senior Data Scientist Sergio Romero will share stories of attacks leveraging multifactor authentication through phishing, token replay, and abusing multifactor authentication fatigue. They’ll offer ways for organizations to reduce their risk and considerations for the industry to strengthen authentication in the future.

Looking forward to seeing you at Identiverse!

There’s so much to see and do at Identiverse while surrounded by the brightest minds in the identity space. I’m looking forward to meeting as many attendees as possible and hope you’re among them!

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post 5 ways to connect with Microsoft Security at Identiverse 2022 appeared first on Microsoft Security Blog.

None of this is possible without you, our passionate customers. You help shape our vision and roadmap, and it is your short- and long-term priorities that guide our investments for a comprehensive identity solution. We value your partnership as we work together on adapting to hybrid work and defending against advanced and persistent threats. As your needs continue to evolve, these emerging trends are shaping our product vision:

1. Zero Trust drives deeper integration of access control across digital environments

As cyberattacks intensify and attackers explore seams in cyber defenses, it is increasingly important to protect your digital environments end-to-end. A Zero Trust strategy is a business necessity in order to take a proactive and integrated approach to security. We’re advancing Zero Trust security by integrating access control across Zero Trust pillars, such as endpoint management with Microsoft Endpoint Manager, threat protection with Microsoft Defender, and networks with secure hybrid access partnerships with network security vendors. We will continue to add innovative, fine-grained access controls that can be consistently applied across your entire digital estate.

2. Multi-cloud digital environments demand multi-cloud security and governance

You’ve told us that your companies already operate in a multi-cloud world and that you need us to deliver solutions that protect you across all the cloud services your organization uses. We’ve heard you and we also know that digital transformation and multi-cloud architectures are driving explosive growth in workload identities and permissions across your multi-cloud IT estate. As these identities and permissions multiply, they expand the attack surface and increase your risk. Earlier this year, we acquired CloudKnox to ensure that you can discover, organize, and manage permissions for all identities across all your clouds. This is part of a larger effort on how we protect identities while also managing and governing their access.

3. Growing a digital ecosystem and ubiquitous decentralized computing require a new trust fabric

As more interactions turn digital, the role of identity is expanding. Today, not only employees but also partners, customers, creators, digital services, and smart devices all collaborate online. And you need ways for all of them to establish trust in real-time. Identity is becoming a critical system not just for organizations but for society at large because it is the only system that can establish ubiquitous trust in a digital world. Together with partners across the industry, we’re building the digital identity systems that will serve as a trust fabric for the ubiquitous, decentralized digital ecosystem of the future with our decentralized identity

Thank you for your continued partnership and trust. We look forward to building this new era of identity with you.

Learn more

We invite you to read the full Gartner® Magic Quadrant^TM for Access Management report.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft.

Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

Gartner, Magic Quadrant for Access Management, By Henrique Teixeira, Abhyuday Data, Michael Kelley. 1 November 2021.

The post Microsoft is a 5-time Leader in the Gartner Magic Quadrant for Access Management appeared first on Microsoft Security Blog.

Each of us needs a digital identity we own, one which securely and privately stores all elements of our digital identity. This self-owned identity must be easy to use and give us complete control over how our identity data is accessed and used.

During this incubation, customers and partners all around the world have helped us understand their challenges and the shortcomings of their existing identity systems. We’ve learned a ton through a set of successful proof of concepts partnering with Keio University,¹ The National Health Service (UK),² and the Government of Flanders.³ We’ve worked with our partners in the Decentralized Identity Foundation (DIF) and the open standards community to develop standards and demonstrate interoperability.

Using these new open standards and all these learnings to guide us, we turned on the public preview of our new decentralized identity system—Microsoft Azure Active Directory Verifiable Credentials—in April 2021. That preview generated a ton of valuable feedback and gave us the opportunity to learn from all of you.

Through all these interactions and investments, we have become even more excited about the opportunity to create a decentralized identity system that increases customer trust and adoption by minimizing data processing and providing the user much greater control of the specific identity data they share and how it will be used.

Now we are well into the next phase of our plan, working on two parallel efforts:

1. Partner with the decentralized identity community to finalize a set of high-quality open standards that we can all support.
2. Deliver the first General Availability release of our decentralized identity service in parallel with these still-evolving standards.

The 5 guiding principles

In this new phase, we want to share the set of guiding principles that we will use to guide both efforts. Not all these principles will be realizable from the start, but we believe that all are necessary over time to realize the promise of decentralized identities:

1. Secure, reliable, and trustworthy

• My digital identity must be secure. It must not be easy to forge or hack. No one must be able to use it to impersonate me.
• I must always have a way to access, use, and securely recover my digital identity.
• I must have access to a detailed log of all the times I’ve used my digital identity, who I used it with, and what it was used for.

2. Privacy protecting and in my control

• My digital identity is under my control. It must only be used with my consent and when I consent; I must know who will use it and how it will be used.
• I must be able to review which elements of my digital identity are being requested and I must have the option to only disclose the specific information necessary to support the consented use.
• My use of my digital identity must be private. No one, other than the party I explicitly share it with, should know I am using it without my consent.
• My digital identity must not be able to be used to track me across unrelated services or applications without my consent.
• I must have the freedom to switch between the devices and applications of my choosing to manage my digital identity, and never be locked in.
• I must be able to delete all aspects of my digital identity and any associated data and log files from wherever I choose to store them.

3. Inclusive, fair, and easy to use

• My digital identity must be usable, available, and accessible regardless of my race, ethnicity, abilities, gender, gender identity, sexual orientation, national origin, socio-economic status, or political status.
• My digital identity must be easy to use and use universal design principles to make it useful for people with a wide variety of abilities.

4. Supervisable

• I must be able to designate trusted friends or family members who can access my digital identity as needed if I become incapacitated or pass away.
• If I am a child, my digital identity must support appropriate parental or custodial oversight and control.

5. Environmentally responsible

• Creating and using my digital identity must be environmentally sustainable and not cause long-term environmental harm.

Microsoft’s commitments to the new digital identity system

In building and running this new system, we are also making an additional set of commitments we believe are critically important:

1. Legitimate and lawful: This new digital identity system must be legitimate and lawful. We will strive to assure it doesn’t encourage illegal activity, enable corruption, or expose people to undue risk or unlawful access. We will strive to ensure the technology doesn’t cause or exacerbate unjust or disparate impacts on systemically marginalized members of society.
2. Interoperable and accessible: We will strive to ensure technical and policy interoperability among domestic and international stakeholders, ease of use, broad inclusion, and equity of access. We will work to ensure the system works across modalities, including using it online, in person, and over the phone. We will build the system based on open, non-proprietary, and accessible standards to assure broad interoperability.
3. Safe: We will strive to place user safety and security at the center of our decentralized identity system design.

Looking forward

Our goal in sharing these principles and our commitments is to help our customers, partners, and the decentralized identity community understand what motivates and guides us and how we think about this exciting opportunity.

Visit Microsoft decentralized identity to learn more about the benefits and opportunities of a decentralized identity ecosystem based on open standards.

And we hope you’ll read the next blog in our five-part series on decentralized identity, where Pamela Dingle demystifies the basics of direct presentation, decentralized identity, verifiable credentials, and anchored decentralized identifiers. It’s quite entertaining, as well.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹University to enable students to securely manage their own transcripts with Verifiable Credentials, Customer Stories, Microsoft. 16 March 2021.

²With high levels of security and trust, the NHS rapidly meets clinical demands using verified credentials, Customer Stories, Microsoft. 15 March 2021.

³How a decentralized identity and verifiable credentials can streamline both public and private processes, Customer Stories, Microsoft. 17 March 2021.

The post Microsoft’s 5 guiding principles for decentralized identities appeared first on Microsoft Security Blog.

The past year has shown us all just how critical frontline workers are to our communities and our economy. They’re the people behind the counter, in the call centers, in hospital ICUs, on the supermarket floor—doing the critical work that makes the difference in feeding our families, caring for the sick, and driving the long-tail economy. Frontline workers account for over 80 percent of the global workforce—two billion people worldwide. Yet because of high scale, rapid turnover, and fragmented processes, frontline workers often lack the tools to make their demanding jobs a little easier.

We believe identity is at the center of digital transformation and the key to democratizing technology for the entire frontline workforce including managers, frontline workers, operations, and IT. This week at the National Retail Federation (NRF) tradeshow, we announced several new features for frontline workers. Building on this announcement, I’m excited to dive into three generally available Azure Active Directory features that empower frontline workers:

1. Streamline common IT tasks with My Staff

Azure Active Directory provides the ability to delegate user management to frontline managers through the My Staff portal, helping save valuable time and reduce security risks. By enabling simplified password resets and phone management directly from the store or factory floor, managers can grant access to employees without routing the request through the helpdesk, IT, or operations.

Figure 1: Delegated user management in the My Staff portal

2. Accelerate onboarding with simplified authentication

My Staff also enables frontline managers to register their team members’ phone numbers for SMS sign-in. In many verticals, frontline workers maintain a local username and password—a cumbersome, expensive, and error-prone solution. When IT enables authentication using SMS sign-in, frontline workers can log in with single sign-on (SSO) for Microsoft Teams and other apps using just their phone number and a one-time passcode (OTP) sent via SMS. This makes signing in for frontline workers simple and secure, delivering quick access to the apps they need most.

Figure 2: SMS sign-in

Additional layers of Conditional Access enable you to control who is signing in using SMS, allowing for a balance of security and ease of use.

3. Improve security for shared devices

Many companies use shared devices so frontline workers can do inventory management and point-of-sale transactions—without the IT burden of provisioning and tracking individual devices. With shared device sign out, it’s easy for a firstline worker to securely sign out of all apps and web browsers on any shared device before handing it back to a hub or passing it off to a teammate on the next shift. You can choose to integrate this capability into all your line-of-business iOS and Android apps using the Microsoft Authentication Library.

Figure 3: Shared device sign-out screen

Additionally, you can use Microsoft Endpoint Manager to set up and customize how frontline workers use shared devices, with three new preview features for provisioning, setting up device-based Conditional Access policies, and customizing the sign-in experience with Managed Home Screen.

Looking ahead

Working in partnership with our customers, we’re committed to bringing you purpose-built frontline capabilities that deliver secure identity and access that is tailored to your needs and environment. We’ll continue to innovate in 2021, adding features that simplify work, bring people together, and help organizations of all sizes achieve more.

To learn more about Microsoft Identity solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @AzureAD and @MSFTSecurity for the latest news and updates on cybersecurity.

The post Azure Active Directory empowers frontline workers with simplified and secure access appeared first on Microsoft Security Blog.

In November 2019 at Microsoft Ignite, we shared that more than 100 million people were already using Microsoft’s passwordless sign-in each month. In May of 2020, just in time for World Password Day, that number had already grown to more than 150 million people, and the use of biometrics to access work accounts is now almost double what it was then. We’ve drawn strength from our customers’ determination this year and are set to make passwordless access a reality for all our customers in 2021.

2020: A banner year for passwordless technology

February: We announced a preview of Azure Active Directory support for FIDO2 security keys in hybrid environments. The Fast Identity Online (FIDO) Alliance is a “cross-industry consortia providing standards, certifications, and market adoption programs to replace passwords with simpler, stronger authentication.” Following the latest FIDO spec, FIDO2, we enabled users with security keys to access their Hybrid Azure Active Directory (Azure AD) Windows 10 devices with seamless sign-in, providing secure access to on-premises and cloud resources using a strong hardware-backed public and private-key credential. This expansion of Microsoft’s passwordless capabilities followed 2019’s preview of FIDO2 support for Azure Active Directory joined devices and browser sign-ins.

June: I gave a keynote speech at Identiverse Virtual 2020 where I got to talk about how Microsoft’s FIDO2 implementation highlights the importance of industry standards in implementing Zero Trust security and is crucial to enabling secure ongoing remote work across industries. Nitika Gupta, Principal Program Manager of Identity Security in our team, showed how Zero Trust is more important than ever for securing data and resources and provided actionable steps that organizations can take to start their Zero Trust journey.

September: At Microsoft Ignite, the company revealed the new passwordless wizard available through the Microsoft 365 Admin Center. Delivering a streamlined user sign-in experience in Windows 10, Windows Hello for Business replaces passwords by combining strong MFA for an enrolled device with a PIN or user biometric (fingerprint or facial recognition). This approach gives you, our customers, the ability to deliver great user experiences for your employees, customers, and partners without compromising your security posture.

November: Authenticate 2020, “the first conference dedicated to who, what, why and how of user authentication,” featured my boss, Joy Chik, CVP of Identity at Microsoft, as the keynote speaker. Joy talked about how FIDO2 is a critical part of Microsoft’s passwordless vision, and the importance of the whole industry working toward great user experiences, interoperability, and having apps everywhere support passwordless authentication. November also saw Microsoft once again recognized by Gartner as a “Leader” in identity and access management (IAM).

MISA members lead the way

The Microsoft Intelligent Security Association (MISA) is an ecosystem of security partners who have integrated their solutions with Microsoft to better defend against increasingly sophisticated cyber threats. Four MISA members—YubiKey, HID Global, Trustkey, and AuthenTrend—stood out this year for their efforts in driving passwordless technology adoption across industries.

Yubico created the passwordless YubiKey hardware to help businesses achieve the highest level of security at scale.

“We’re providing users with a convenient, simple, authentication solution for Azure Active Directory.”—Derek Hanson, VP of Solutions Architecture and Alliances, Yubico

HID Global engineered the HID Crescendo family of FIDO-enabled smart cards and USB keys to streamline access for IT and physical workspaces—enabling passwordless authentication anywhere.

“Organizations can now secure access to laptops and cloud apps with the same credentials employees use to open the door to their office.”—Julian Lovelock, VP of Global Business Segment Identity and Access Management Solutions, HID

TrustKey provides FIDO2 hardware and software solutions for enterprises who want to deploy passwordless authentication with Azure Active Directory because: “Users often find innovative ways to circumvent difficult policies,” comments Andrew Jun, VP of Product Development at TrustKey, “which inadvertently creates security holes.”

AuthenTrend applied fingerprint-authentication technology to the FIDO2 security key and aspires to replace all passwords with biometrics to help people take back ownership of their credentials.

Next steps for passwordless in 2021

Our team has been working hard this year to join these partners in making passwords a thing of the past. Along with new UX and APIs for managing FIDO2 security keys enabling customers to develop custom solutions and tools, we plan to release a converged registration portal in 2021, where all users can seamlessly manage passwordless credentials via the My Apps portal.

We’re excited about the metrics we tracked in 2020, which show a growing acceptance of passwordless among organizations and users:

• Passwordless usage in Azure Active Directory is up by more than 50 percent for Windows Hello for Business, passwordless phone sign-in with Microsoft Authenticator, and FIDO2 security keys.
• More than 150 million total passwordless users across Azure Active Directory and Microsoft consumer accounts.
• The number of consumers using Windows Hello to sign in to Windows 10 devices instead of a password grew to 84.7 percent from 69.4 percent in 2019.

We’re all hoping the coming year will bring a return to normal and that passwordless access will at least make our online lives a little easier.

Learn more about Microsoft’s passwordless story. To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post A breakthrough year for passwordless technology appeared first on Microsoft Security Blog.

I’m proud to announce that for the fourth year in a row, Microsoft Azure Active Directory (Azure AD) has been recognized as a “Leader” in Gartner Magic Quadrant for Access Management, Worldwide.

Earlier this year, my boss, Joy Chik, CVP of Identity Engineering shared Microsoft’s guiding principles of our identity and access management (IAM) strategy, emphasizing our commitment to delivering a secure and scalable identity solution. Azure AD safeguards access to your apps by enforcing strong authentication and adaptive risk-based access policies, providing seamless user access with single sign-on (SSO) and reduced IT costs. We envision Azure AD as the key to embracing a Zero Trust security model, enabling secure application access and greater productivity across users, apps, and devices.

Consistently landing in Gartner Magic Quadrant for the past four years tells us that we’re executing on our vision and making a difference for you, our customers.

We’ve learned from your resilience in adapting to remote work over the past year, and your direct feedback has shaped our advancements in several areas:

• Adaptive security: Azure AD natively offers comprehensive logging, dashboard, and reporting capabilities, as well as identity analytics with Azure AD Identity Protection.
• Secure application access: Azure AD supports out-of-the-box single sign-on (SSO) and provisioning connectors to thousands of SaaS apps, as well as authentication for legacy on-premises applications through App Proxy and secure hybrid-access partnerships.
• Report-only mode: The report-only (or audit-only) mode enables administrators to evaluate the impact of Conditional Access policies before enabling them for users.
• Web Content Accessibility Guidelines: We’re proud of our commitment to inclusion and accessibility by design, which goes beyond meeting Web Content Accessibility Guidelines (WCAG) compliance to providing a positive experience for all users.
• API access control: We offer built-in centralized policy management, management of security tokens, token translation, and developer self-service support. In addition, Azure AD offers native integration with the Azure API Management service or with third-party API gateway products for more advanced API security.
• Open standards: Azure AD offers support for all major identity standards, including SAML 2.0, WS-Fed, OIDC, OAuth 2.0, and password vaulting with JavaScript-based login form filling.

We’re honored to place this well for the fourth time and believe it reflects the energy and passion we’ve put into partnering with our customers to help them successfully digital transform their businesses. That said, there’s lots more work to do, and we look forward to continuing to partner with you, our customers, to assure the products we build keep your organizations secure and productive. We’re grateful for your trust, and I look forward to seeing what we can accomplish together in the coming year.

To learn more about Microsoft Identity solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @AzureAD and @MSFTSecurity for the latest news and updates on identity and cybersecurity.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft.

Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

The post Microsoft Azure Active Directory again a “Leader” in Gartner Magic Quadrant for Access Management appeared first on Microsoft Security Blog.