Entra ID

Microsoft Entra External MFA Now Generally Available

3 min čtení

Shrnutí

Microsoft has announced general availability of external MFA in Microsoft Entra ID, allowing organizations to integrate trusted third-party MFA providers using OpenID Connect. The feature lets IT teams keep Microsoft Entra ID as the central identity control plane while maintaining Conditional Access, risk evaluation, and unified authentication method management.

Potřebujete pomoc s Entra ID?Mluvte s odborníkem

Introduction

Microsoft has made external MFA in Microsoft Entra ID generally available, giving organizations a supported way to integrate third-party multifactor authentication providers into their identity environment. This is important for IT teams that need to meet regulatory requirements, support complex business scenarios, or modernize authentication without abandoning existing MFA investments.

What's new

External MFA, previously called external authentication methods, is now GA in Microsoft Entra ID.

Key highlights include:

  • Support for trusted third-party MFA providers
  • Integration based on the OpenID Connect (OIDC) standard
  • Centralized management alongside native Entra ID authentication methods
  • Continued enforcement of Conditional Access and real-time risk evaluation during sign-in
  • Support for session controls and sign-in frequency settings

This means organizations can extend Entra ID with external MFA providers while still using Microsoft Entra ID as the central policy and identity control plane.

Why it matters

Many organizations already use third-party MFA tools for compliance, business, or integration reasons. External MFA helps in scenarios such as:

  • Meeting regulatory or industry-specific authentication requirements
  • Supporting mergers and acquisitions where multiple identity systems may coexist
  • Unifying authentication under a modern Microsoft Entra architecture

Microsoft also notes that MFA reduces account compromise risk by more than 99 percent, making this release especially relevant as identity attacks continue to increase.

Impact on IT administrators

For administrators, the biggest benefit is simplified control. External MFA is managed within the same Entra ID framework as native methods, giving teams a single view of authentication options.

Admins can also apply Conditional Access policies to these sign-ins, including:

  • Real-time risk-based access decisions
  • Sign-in frequency controls
  • Session management settings

However, Microsoft warns that overly aggressive reauthentication can hurt user experience and even increase phishing risk by training users to approve prompts too often. Careful Conditional Access tuning remains essential.

Action items and next steps

IT administrators should consider the following steps:

  1. Review whether your organization relies on a third-party MFA provider today.
  2. Evaluate external MFA in Microsoft Entra ID for compatibility with your security and compliance needs.
  3. Review Conditional Access and reauthentication policies to avoid excessive MFA prompts.
  4. Plan for the retirement of Custom Controls, which will be deprecated on September 30, 2026.
  5. Follow Microsoft Learn guidance to begin implementation and migration planning.

Organizations currently using Custom Controls have time to transition, but this GA release signals that planning should start now.

Potřebujete pomoc s Entra ID?

Naši odborníci vám pomohou implementovat a optimalizovat vaše Microsoft řešení.

Mluvte s odborníkem

Buďte v obraze o technologiích Microsoft

Přečtěte si původní článek od Swaroop Krishnamurthy
Entra IDMFAConditional Accessidentity securityZero Trust

Související články

Entra ID

Microsoft Identity Manager 2016 SP3 Now Available

Microsoft Identity Manager 2016 SP3 is now generally available, bringing improved stability, broader platform compatibility, and a new Azure SQL Database deployment option for the Synchronization Service. The update matters for organizations running hybrid identity environments because it reduces operational risk, supports newer infrastructure components, and gives customers a supported path forward while planning longer-term moves to Microsoft Entra.

Entra ID

Microsoft Entra Face Check Secures High-Risk Identity Flows

Microsoft is expanding Face Check in Microsoft Entra Verified ID to strengthen identity verification during remote onboarding, access requests, and account recovery. The update removes per-user Face Check limits in Microsoft Entra Suite and highlights general availability for verified account recovery, helping organizations reduce impersonation risk and help desk dependency.

Entra ID

Microsoft Entra May 2026: Global Secure Access GA

Microsoft Entra’s May 2026 updates focus heavily on Global Secure Access, certificate-based authentication, and stronger privileged access controls. The new capabilities help IT teams extend Zero Trust protections to branch offices, mobile devices, external users, and AI workloads while improving usability and policy enforcement.

Entra ID

Microsoft Entra ID Passkeys: Fixing Recovery Gaps

Microsoft is expanding its passkey-first strategy in Entra ID by addressing the security gaps that remain after passkey deployment, including fallback credentials and weak account recovery. New capabilities such as Windows passkeys, passkey-preferred authentication, and generally available Entra ID account recovery help organizations reduce phishing and social engineering risk while improving user experience.

Entra ID

Microsoft Entra Webinar Series Strengthens Identity Security

Microsoft has launched a five-part Secure identity foundation with Microsoft Entra webinar series focused on passwordless authentication, Conditional Access, ID Protection, Tenant Governance, and Backup and Recovery. The series gives IT and security teams practical deployment guidance to strengthen access management, improve tenant visibility, and build more resilient identity protections across cloud and hybrid environments.

Entra ID

Microsoft Entra Internet Access Adds AI Security

Microsoft has announced new generally available and preview capabilities for Entra Internet Access and Entra Private Access, with a strong focus on securing AI, web, and private app traffic. The updates give IT teams more visibility into shadow AI, prompt injection risks, unmanaged devices, and private app access while extending Zero Trust controls across more scenarios.