Building Stronger Identity Solutions with New Microsoft Entra Integrations

I'm excited by this year's RSA theme of “Stronger Together.” In the Identity and Access Division, we believe that everyone must work together to make the world a safer place for all. Leading up to RSA this year, the team has been hard at work collaborating with a wide range of technology vendors to extend our Microsoft Entra capabilities and help our customers move forward in their Zero Trust journeys. By integrating our products together, we make better security solutions for all. Below you'll find some highlights from the last six months of our work creating integrated solutions to add more value for our customers. 

FIDO2 security keys with phishing-resistant capabilities

-resistant multifactor () options, like FIDO2 security keys, provide added security to help prevent bad actors from tricking users into handing over their credentials. We continue to build integrations with partners to provide new form factors for the FIDO2 authentication experience with Azure Active Directory (Azure AD) as part of the Microsoft Entra family. Some of the latest vendors we have added include:


HYPR recently released Enterprise Passkeys. The solution integrates with to turn a smartphone into a virtual FIDO2 security key, providing -resistant passwordless authentication to Azure resources without needing a hardware security key. Learn more at HYPR Enterprise Passkeys | HYPR.


The Token Ring is a wearable device that combines biometric user verification, public-private key cryptography, secure hardware, and decentralized credential. Token has integrated with to provide -resistant FIDO2 multifactor authentication. 


Thales launched the SafeNet eToken Fusion series, a new set of USB tokens combining FIDO2 with PKI/CBA in a single . Thales's new tokens are designed to protect users against account compromise and provide stronger security for access to cloud and web applications.

Enforcing strong authentication methods across tenants

Our customers sometimes need to mandate strong authentication methods for specific users for compliance reasons or to reduce risk. Azure AD makes this programmatically possible via our authentication strengths API, and security vendors can use the API to allow their customers to enforce strong authentication within their own product's user experience.

Secure authentication management for Apple devices

Our customers use a variety of devices, including those outside of the Windows ecosystem. jamf helps customers automate and scale Apple IT and security workflows by integrating with Azure AD. 


Azure AD has integrated with jamf Pro and jamf Connect to provide Apple users with a secure authentication management solution. This integration provides automated compliance management for macOS and iOS devices accessing applications set up with Azure AD authentication. With Conditional Access and Device Compliance for macOS, customers now have the ability to share inventory data from jamf Pro to Microsoft Intune, apply conditional access criteria, and offer remediation paths. 

Enhancing Windows device information

Azure AD provides a central place for managing device identities and monitoring related event information. It also offers a set of 15 extension attributes with predefined names on the user and device resources. With Microsoft Graph, a single API endpoint can access rich people-centric data and insights. App developers can now extend Microsoft Graph by adding custom properties to resource instances without requiring an external data store.


Tanium's Zero Trust readiness with Azure AD now enables customers to update Azure AD Windows devices with custom extension attributes. The custom extension attributes are updated in real-time and are created based on the complete data Tanium has about every Windows device. Customers are now able to enforce fine-grained conditional access policies in Azure AD based on reliable data from fully customizable computer groups in Tanium. You can read more in their article Tanium and Azure Active Directory Integration

Improving shared device access experience 

Frontline workers such as retail associates, flight crew members, and field service workers often use a shared mobile device to perform their work. With shared device mode, employees can sign in and access customer information quickly. When they're finished with their shift or task, they can sign out of the device, and it's immediately ready for use by the next employee. 


Customers can now streamline authentication to Microsoft Teams on Imprivata's GroundControl app using Microsoft's shared device mode on iOS. Two-tap sign-in simplifies log-in flow for frontline workers and automatic sign-out closes apps supporting MSAL and shared device mode. Learn more about this integration in their post Imprivata GroundControl integrates with Microsoft Shared Device Mode for simple, secure access to Te…


VMware now has a preview of Anywhere Workspace for shared device mode on Android. With VMware's integration with shared device mode (SDM), customers can automatically provision devices into SDM, add them into Azure AD, and let users automatically sign in and out of applications. Customers who are interested in testing this can navigate to Join VMware Anywhere Workspace Early Access™ Program! to access a detailed guide and enable the feature.

Building stronger identity risk solutions by sharing risk signals

In a Zero Trust landscape, it's increasingly important to identify and respond to suspicious user account activity that may signal account compromise. At Microsoft Security, we process over 65 trillion signals across all types of devices, apps, platforms, and endpoints each day. Our Microsoft Graph Identity Protection APIs enable security vendors to integrate with Azure AD Identity Protection capabilities to analyze individual user risk or determine that a user has been compromised.

New pre-integrated applications available in Azure AD Gallery

Finally, we continue to add more pre-integrated apps in our Azure AD App gallery. These pre-built integrations make it easier for IT Admins to configure, manage, and secure their applications with Azure AD. Independent software vendors can publish an application to the Azure AD Gallery by following the instructions here. Some notable additions to our Azure AD app gallery include:


We appreciate the collaboration across the security ecosystem and look forward to more integrations in the future. Reach out to me to share ideas or leave comments below.

Best regards,

Natee Pretikul

Principal PM Manager, Microsoft Security 

Twitter:  @NateePretikul


Learn more about Microsoft identity:


This article was originally published by Microsoft's Secure Blog. You can find the original article here.