Windows Azure Active Authentication Preview Released

Microsoft on Wednesday rolled out a preview of its cloud-based multifactor authentication service that it had showcased at TechEd.

"Active Authentication" is the code name for this Windows Azure-enabled technology that enforces secondary identification checks. With the service turned on, users who attempt to access an organization's files and applications via a user name and password will get prompted to confirm their identities via a secondary means. The secondary authentication method is either an automated phone call sent to their devices or a text message. The service is based on technology that Microsoft acquired when it bought PhoneFactor in October.

In addition to the voice and SMS text methods of verification, Microsoft offers a free Active Authentication app for the authentication process. The app works by sending a push notification to the user after log-in, prompting the secondary authentication. The Active Authentication app works with Android and iOS smartphones and tablets, as well as with Windows Phone devices.

Users of the Active Authentication service can choose which type of secondary authentication they get, according to Alex Simons, director of program management for Active Directory, in a blog post. IT pros can use the Windows Azure Portal to set up the service and specify the billing (either "per enabled user" or "per authentication"). They also can turn on the authentication service for specific users.

The service enables multifactor authentication across various Microsoft services, including Windows Azure, Office 365, Dynamics CRM Online and Windows Intune. Back when Microsoft announced the acquisition of PhoneFactor, it was already using the technology for Active Directory, Internet Information Services and Outlook Web Access, with integration plans for the entire Microsoft product line. The authentication service doesn't currently work with rich clients, such as Microsoft Outlook, which Microsoft explained back in March.

Windows Azure Active Directory is typically a free service for those using Microsoft's online products such as Office 365. However, Microsoft is charging for the Active Authentication service. Microsoft's pricing page for Active Authentication lists the billing details, but not the prices. The cost of using the Active Authentication preview in a non-test environment is $1 per user per month or $1 per every 10 authentications, according to Sarah Fender, director for Windows Azure, in a blog post. But those prices are half of what Microsoft plans to charge when the service reaches the "general availability" release stage, she indicated.

Microsoft doesn't offer service level agreements with Active Authentication. Technical support costs extra, starting at $29 per month. However, there is a no-cost forum topic page.

Microsoft didn't specify when the product would be generally released. In the meantime, there's a free trial.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Malwarebytes Affirms Other APT Attack Methods Used Besides 'Solorigate'

    Security solutions company Malwarebytes affirmed on Monday that alternative methods besides tainted SolarWinds Orion software were used in the recent "Solorigate" advanced persistent threat (APT) attacks.

  • How To Fix the Hyper-V Read Only Disk Problem

    DOS might seem like a relic now, but sometimes it's the only way to fix a problem that Windows seems ill-equipped to deal with -- like this one.

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

comments powered by Disqus