Microsoft Identity Division Embracing Blockchain for Decentralized IDs

The Microsoft Identity Division, which is responsible for Active Directory developments, is embracing blockchain technologies to improve digital identity security and increase overall control by end users.

Alex Simons, director of program management for the Microsoft Identity Division, indicated in an announcement this week that, for the past year, the Microsoft identity and access team responsible for Active Directory solutions has been "incubating a set of ideas for using blockchain (and other distributed ledger technologies) to create new types of digital identities." The idea is to create so-called "decentralized IDs" (DIDs).

One aspect that the team is working on is bringing this DID technology to the current Microsoft Authenticator app. When that's done, the Microsoft Authenticator app will have the ability to "manage identity data and cryptographic keys," and it will keep those two things separate. Here's how Microsoft's announcement described that design:

In this design [for the Microsoft Authenticator app], only the ID is rooted on chain. Identity data is stored in an off-chain ID Hub (that Microsoft can't see) encrypted using these cryptographic keys.

More details were outlined by team member Ankur Patel in the announcement. He described a few of Microsoft's ideas for enabling DIDs.

First, Microsoft sees blockchain's "technologies and protocols" as being "well suited" for enabling DIDs. Next, user privacy for DIDs can be ensured via "a secure digital hub (ID Hubs) that can interact with a user's data while honoring user privacy and control." This decentralized system will rely on attestations, which Microsoft defines as "claims that other entities endorse," to prove user identities. Application and service providers can leverage DIDs and ID Hubs for personalization purposes, while avoiding the legal compliance risks associated with storing customer data.
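The split that the announcement describes (only the ID rooted on chain, identity data held encrypted in an off-chain hub, and attestations as claims that other entities endorse) can be sketched end to end in a short program. The Go code below is an added illustration, not Microsoft's code or the Authenticator design. It assumes an Ed25519 signing key whose hash serves as the DID, a separate 32-byte data key that never leaves the device, an in-memory map standing in for the ledger and another for the ID Hub, and a placeholder `did:example:` method; the sample profile, the issuer and the `degree:BSc` claim are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Ledger stands in for the chain: it records only DID -> public key bindings, never identity data.
type Ledger map[string]ed25519.PublicKey

// Attestation is a claim about a subject DID that another entity (the issuer) endorses by signing it.
type Attestation struct{ Issuer, Subject, Claim string; Signature []byte }

// DIDFromKey derives a self-certifying identifier from the public key ("did:example:" is a placeholder method).
func DIDFromKey(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return fmt.Sprintf("did:example:%x", sum[:16])
}

func aead(key []byte) (cipher.AEAD, error) { // AES-256-GCM from a 32-byte device-held key
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealForHub encrypts identity data before it leaves the device; binding the DID as associated data
// means the hub operator cannot move a blob under another user's entry unnoticed.
func SealForHub(key []byte, did string, data []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // crypto/rand.Read never returns an error in current Go; it aborts on failure
	return gcm.Seal(nonce, nonce, data, []byte(did)), nil // nonce || ciphertext || tag
}

// OpenFromHub reverses SealForHub and fails on a wrong key, a wrong DID or a tampered blob.
func OpenFromHub(key []byte, did string, blob []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(did))
}

// payload fixes the field order so issuer and verifier sign and check the same bytes.
func (a Attestation) payload() []byte { return []byte(a.Issuer + "|" + a.Subject + "|" + a.Claim) }

// IssueAttestation is the issuer's side: it signs the claim with the key behind its own DID.
func IssueAttestation(issuerKey ed25519.PrivateKey, issuerDID, subjectDID, claim string) Attestation {
	a := Attestation{Issuer: issuerDID, Subject: subjectDID, Claim: claim}
	a.Signature = ed25519.Sign(issuerKey, a.payload())
	return a
}

// VerifyAttestation resolves the issuer's key from the ledger alone; unknown issuers and any edit
// to issuer, subject or claim are rejected, and the subject's hub data is never needed.
func VerifyAttestation(l Ledger, a Attestation) error {
	pub, ok := l[a.Issuer]
	if !ok || !ed25519.Verify(pub, a.payload(), a.Signature) {
		return fmt.Errorf("attestation from %s rejected", a.Issuer)
	}
	return nil
}

// RunScenario walks the flow end to end and returns the decrypted hub data plus the verified claim.
func RunScenario() (string, error) {
	ledger, hub := Ledger{}, map[string][]byte{} // the hub sees only ciphertext, keyed by DID
	userPub, _, _ := ed25519.GenerateKey(nil)    // device signing key: only this is rooted on chain
	userDID := DIDFromKey(userPub)
	ledger[userDID] = userPub
	dataKey := make([]byte, 32) // device data key: never leaves the device and never touches the chain
	rand.Read(dataKey)
	blob, err := SealForHub(dataKey, userDID, []byte(`{"name":"Alice Example"}`)) // constructed data
	if err != nil {
		return "", err
	}
	hub[userDID] = blob
	issPub, issPriv, _ := ed25519.GenerateKey(nil) // constructed issuer (say, a university) with its own DID
	issuerDID := DIDFromKey(issPub)
	ledger[issuerDID] = issPub
	att := IssueAttestation(issPriv, issuerDID, userDID, "degree:BSc")
	if err := VerifyAttestation(ledger, att); err != nil {
		return "", err
	}
	plain, err := OpenFromHub(dataKey, userDID, hub[userDID]) // only the data-key holder can read this
	if err != nil {
		return "", err
	}
	return string(plain) + " " + att.Claim, nil
}

func main() { fmt.Println(RunScenario()) }
```

Run it with `go run`. The point to take from it is the separation of concerns: the ledger never holds the profile, the hub never holds a key, and a relying party checks an attestation against the issuer's anchored key without ever touching the subject's hub data, which is what lets a service use DIDs without storing the customer data itself.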

The underlying system has to be capable of scaling to meet global demand, and so Microsoft is working on "decentralized Layer 2 protocols" for public blockchains to help make that happen. The system also has to be accessible to everyone, and so Microsoft is aiming to address various "management challenges."

This future DID system also "must be built on standard, open source technologies," Microsoft's announcement declared. Key components to that end include:

Microsoft has been a member of the Decentralized Identity Foundation and joined the ID2020 Alliance last month to help devise a worldwide portable digital identity system. It has also been working with partners and policy-makers, including the United Nations, to help make it happen.

It's not news that Microsoft is betting on blockchain, as reporting by Redmond's Jeffrey Schwartz has shown. One might expect a DID system based on distributed ledgers to erode Microsoft's heavy investments in Active Directory and Azure Active Directory, but Microsoft discounted that idea early on.

James Staten, chief strategist of the Enterprise and Cloud Division at Microsoft, explained it this way in this 2016 Redmond article: "If you look at how you log in and verify who you are with blockchain, you still use a public-private key model to do that and there's still a need for a verification element of the identity, and that's actually what Active Directory does very well."

Blockchain is typically thought of as a set of technologies that financial institutions are starting to investigate, and Microsoft is also involved on that front. Its Azure Marketplace, for instance, currently offers several ready-to-deploy distributed ledger options as part of its Azure Blockchain as a Service.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Windows 10 Preview Adds Ability To Display Linux Distro Files

    Microsoft on Wednesday announced Windows 10 preview build 19603, which adds easier access to installed Linux distro files using Windows File Explorer.

  • Microsoft 365 Business To Get Azure Active Directory Premium P1 Perks

    Subscribers to Microsoft 365 Business (which is being renamed this month to "Microsoft 365 Business Premium") will be getting Azure Active Directory Premium P1 licensing at no additional cost.

  • How To Use .CSV Files with PowerShell, Part 1

    When it comes to bulk administration, few things are handier than .CSV files. In this two-part series, Brien demos his top techniques for working with .CSV files in PowerShell. First up: How to create a .CSV file.

  • SameSite Cookie Changes Rolled Back Until Summer

    The Chromium Project announced on Friday that it's delaying enforcement of SameSite cookie changes, and is temporarily rolling back those changes, because of the COVID-19 turmoil.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.