Microsoft, RSA Make Identity Security Push in the Age of AI
2 of the bigger authentication statements to come out of the recent RSA Conference both point in the same instructions: Organizations require a more versatile, unified method to identity security, specifically as AI representatives begin acting together with human workers.
Microsoft utilized the occasion to push its external multi-factor authentication (MFA) assistance in Microsoft Entra ID to general availability, while RSA Security revealed a broadened collaboration with Microsoft developed around securing what it calls the “AI workforce.”
Entra External MFA Hits GA
Microsoft’s external MFA feature, is now typically available in Microsoft Entra ID, the business revealed at this year’s show. The capability lets orgs plug third-party MFA suppliers directly into Entra ID without having to abandon their existing authentication infrastructure or sacrifice Microsoft’s Conditional Gain access to policies.
The move is considerable for business that have actually invested in specialized MFA options to fulfill regulative requirements, deal with the intricacy of mergers and acquisitions or run throughout environments where Microsoft’s native MFA choices aren’t a fit. Built on the OpenID Link (OIDC) requirement, external MFA works within the very same admin console as Microsoft’s native approaches, providing IT groups a single pane of glass for all authentication management.
Sign-ins utilizing external MFA still travel through complete policy examination, consisting of real-time risk evaluation. Microsoft stated administrators can line up authentication prompts with business goals through sign-in frequency and session controls, however warned that excessively aggressive reauthentication can actually increase phishing threat by conditioning users to authorize triggers without examination.
Microsoft’s research study has pointed towards a more powerful push for wider MFA adoption. The business’s information shows MFA minimizes the threat of account compromise by more than 99%. The external MFA function extends that defense to organizations whose authentication stack sits outside Microsoft’s native community.
RSA Transfer To Protect the AI Labor Force
RSA Security’s announcement is tied to Microsoft’s freshly released Microsoft 365 E7: The Frontier Suite, which packages Microsoft 365 performance tools, Microsoft Copilot, Entra identity services and Representative 365, a governance platform for AI agents. RSA is positioning its ID Plus for Microsoft offering as the identity trust layer that sits on top of that platform.
The pitch is uncomplicated but increasingly immediate: as AI agents begin executing automated workflows, accessing sensitive information, and operating with privileged access inside business systems, identity governance can’t stop at human users. Research study reveals non-human identities already outnumber human users by a factor of 17.
RSA’s identity trust layer for the E7 suite covers 3 locations: high-assurance, phishing-resistant authentication for human users; danger intelligence that examines contextual signals to flag suspicious gain access to attempts; and protected gain access to controls for privileged operations as AI representatives handle more autonomous tasks.
The company likewise verified it is readily available as an external MFA supplier through Microsoft Entra’s newly GA ‘d structure, suggesting companies can release RSA authentication through the external MFA integration straight within Entra setups.
What It Implies for IT Pros
For admins running hybrid environments with tradition MFA investments, the Entra external MFA GA opens a cleaner migration path than the previous Customized Controls technique it replaces. The September 2026 deprecation deadline for Custom-made Controls means planning ought to begin now.
On the RSA side, the E7 combination story is more positive– AI agents as business employees is still an emerging design, but it’s arriving quick enough that identity groups would be smart to get ahead of it. Gartner has predicted 33% of business applications will consist of agentic AI by 2028, up from less than 1% in 2024. The security structures to govern those agents, consisting of constant identity controls that mirror what’s currently applied to human users, are going to be a core IT challenge in the near term.