Identity Innovation for a More Secure Nation

With more than 1000 identity attacks occurring each second¹, government agencies are tasked with serving the public amidst the most challenging cybersecurity environment in history. Protecting the freedom of citizens makes them a prime target for bad actors across the cyberthreat ecosystem, from nation-state attacks on our infrastructure to identity compromise. Expanding security threats put federal agencies and their most critical data at risk.

With recent innovations like phishing-resistant multifactor authentication (MFA) from Azure Active Directory – part of Microsoft Entra – government customers can deliver on their policy objectives while adhering to cybersecurity guidelines and regulatory compliance.

In January of last year, the National Security Memo (NSM-8) was issued to direct civilian agencies to use passwordless and phishing-resistant multifactor authentication (MFA). Agencies hit their deadlines for compliance last month. We are delighted to help many of these agencies through key capabilities that help them meet their objectives as they strive to serve the public.

Peace of mind through modern strong authentication

In response to NSM-8 and the Executive Order (EO 14028) on Improving the Nation's Cybersecurity, Microsoft has developed strong authentication methods that help agencies do the following:

Remove the threat and costs of legacy, on-premises federated servers

Securely authenticate users with Certificate-Based Authentication (CBA) using certificates such as the Common Access Card (CAC) and Personal Identity Verification (PIV) card used by US federal agencies and the US Department of Defense. This supports CBA while reducing the attack surface and costs associated with legacy on-premises IT infrastructure.

Use the right MFA method for the right resources

Roll out modern, easy-to-use, phishing-resistant authentication methods. Conditional Access Authentication Strengths helps you increase security while moving to phishing-resistant MFA and ensuring critical assets are protected.

Facilitate cross-agency collaboration 

Combine phishing-resistant authentication (such as Azure CBA, FIDO2, Windows Hello for Business) with Conditional Access Authentication Strengths and Cross-Tenant Access Policies to fully realize secure collaboration with other government agencies and commercial partners/contractors in any Microsoft cloud, while maintaining compliance.

Microsoft can help

Public servants deserve the flexibility to do their jobs using modern identity tools and modern mobility, maximizing productivity while still achieving the highest level of security – so they can focus on serving the public without worrying about identity attacks.

We're proud to continue our partnership with government agencies to leverage strong authentication identity solutions that can help ensure data and identities are protected against even the most severe security threats.

To learn more about Microsoft's work in implementing Executive Order 14028 and phishing-resistant MFA, please read more here:

Plan a passwordless authentication deployment in Azure Active Directory – Microsoft Entra | Microsof…

Deployment considerations for Azure AD Multi-Factor Authentication – Microsoft Entra | Microsoft Lea…

US Government sets forth Zero Trust architecture strategy and requirements.

Best regards, 

Alex Weinert (@Alex_T_Weinert) 

VP Director of Identity Security, Microsoft 

¹ According to Microsoft Azure Active Directory authentication log data, 2022.


This article was originally published by Microsoft's Azure Blog. You can find the original article here.