Microsoft is now offering multi-factor authentication for Windows Azure to allow enterprises to secure employee, partner and customer access to cloud applications.
According to the Azure blog, the capability will allow customers to enable the authentication capability for Windows Azure Active Directory (AD) that will identify and help secure access to Office 365, Windows Azure, Windows Intune, Dynamics CRM Online and other apps that are integrated with Windows Azure AD. According to the Azure blog, developers can also use the Active Authentication SDK to build multi-factor authentication into their custom applications and directories.
Here’s how it works. People sign in with their user names and passwords. They then open an app on their mobile device through an automated phone call or text message — the idea being that it will better identify the true user, prevent unauthorized access to data and applications in the cloud. That in turn will reduce the risk of a breach and enabling regulatory compliance.
Active Authentication is built on the Phone Factor service which Microsoft acquired last fall. There are different options for set up. A customer can add it their Windows Azure AD tenant and turn it on for users. They can also add the service to custom applications by adding a few lines of code. The service also offers automated enrollment.
Customers can choose to pay on a per user, per month basis or by the number of
- users enabled for multi-factor authentication each month.
Adding AD to Windows Azure has opened Microsoft customers up to a much deeper way for IT to manage the use of its cloud infrastructure. It centralizes permissions. With Active Authentication, an IT manager can have a bit more peace that the people logging in are actually the people who should be accessing the network.
Microsoft is by no means the first to offer multi-factor authentication for its IaaS. Amazon Web Services has multi-factor authentication. Google also offers two-factor authentication.