Microsoft Announces External ID Preview plus Other Entra Identity Perks

Microsoft this week announced a few product additions to Microsoft Entra, which is Microsoft's branded suite of identity and access management solutions.

The additions include a new Microsoft Entra External ID preview that lets organizations create sign-in interfaces for customer-facing Web apps and pages. Microsoft also published an Identity Platform Developer Center with resources for developers. A "Verified ID Wallet Library" software development kit for Android and iOS mobile apps was commercially released, too.

Microsoft also previewed Tenant Restriction version 2 for Azure Active Directory, which enables better access controls for cross-tenant collaborations.

Microsoft Entra External ID Preview
A new product, called "Microsoft Entra External ID," is currently at the "early preview" release stage. It represents Microsoft's future direction for "customer identity and access management" (CIAM) solutions.

Microsoft also refers to Microsoft Entra External ID as "Azure Active Directory (Azure AD) for customers," according to this document on Microsoft Entra External ID. With this addition, the Microsoft Entra product family now has six main products, as shown at this product landing page.

Microsoft generally seems to be positioning Microsoft Entra External ID for use with customer-facing sign-ins, per a Microsoft Build demo. However, its use also extends to business-to-business (B2B) scenarios. Sign-ins can be enabled for "workforce tenants," which can include employees, or "customer tenants," representing an organization's customers, Microsoft's document explained.

Microsoft already has an Azure AD B2C (business-to-customer) product, although it seems that Microsoft Entra External ID will be replacing it at some point. However, Microsoft suggested that it isn't pressing for its Azure AD B2C users to make that switch at this point, per an Azure AD B2C FAQ:

We remain fully committed to support of your current Azure AD B2C solution. There are no requirements for Azure AD B2C customers to migrate at this time and no plans to discontinue the current Azure AD B2C service.

As with Azure AD B2C, it's possible to use non-Microsoft identity providers, such as Facebook and Google identity services, with Microsoft Entra External ID. The Build demo showed this slide, for instance:

Figure 1. Social identity provider and enterprise log-in support for Microsoft Entra External ID (source: Microsoft Build 2023 session by Yoel Horvitz and Namita Singh).

The differences between Microsoft Entra External ID and Azure AD B2C weren't explained in much detail. However, Microsoft apparently will put its future efforts behind Microsoft Entra External ID, per this preview announcement:

Microsoft Entra External ID is our next generation customer identity and access management platform that represents an evolutionary step in unifying secure and engaging experiences across all external identities including customers, partners, citizens, and others within a single, integrated platform.

Microsoft Entra External ID has "all familiar features of Azure AD External Identities plus new capabilities," including "developer-centric tools" for building sign-ins into Web and mobile applications, the announcement explained. Its preview features include "built-in fraud management, user groups, app roles, custom attributes, and policies."

The Microsoft Entra External ID preview can be accessed via a free 30-day trial or by using an Azure free account (the latter option requires providing a credit card number, "but you won't be charged during public preview"). There's also a free preview trial offered through the Azure AD for customers landing page.

At the end of the free trial, the tenant data gets deleted, Microsoft explained, in this "Quickstart" guide for Azure AD for customers.

New Identity Platform Developer Center
Microsoft also this week announced the publication of a new Identity Platform Developer Center, which is a Web page housing materials on understanding identity concepts, including learning materials and code samples for using Microsoft Entra External ID.

Developers get some perks when working with Microsoft Entra External ID because of its use of the "Microsoft Authentication Library (MSAL) where the same application code will work for workforce and customer scenarios," the announcement explained.

Microsoft Entra Verified ID Digital Wallet SDK
Microsoft also this week announced that its existing Microsoft Entra Verified ID credential service now has support for a Verified ID Wallet Library for Android and iOS mobile apps, which reached "general availability" commercial-release status.

The benefits of using the Verified ID Wallet Library software development kit include "reducing the risk for fraud and account takeovers, streamlining app sign ins, creating self-service account recovery and helpdesk flows, and enabling rich partner rewards ecosystems," Microsoft explained.

The new Verified ID Wallet capability is based on "open standards" and provides for "privacy-protected interactions between organizations and users." Organizations can use "Verified ID cards" with customers for "dozens of use cases." Microsoft further described it in this Build session video.

Tenant Restrictions Version 2 Preview
In related news from the Microsoft Identity team, Microsoft announced this week that it has released a preview of version 2 of its Tenant Restrictions settings for Microsoft's commercial clouds.

The Tenant Restrictions version 2 preview is an Azure AD feature that offers access controls on cross-tenant collaborations. In particular, it adds access controls for when external accounts are used to sign in to an organization's networks or devices.

"With the Tenant restrictions settings included with cross-tenant access settings, you can control the external apps that your Windows device users can access when they're using external accounts," Microsoft explained in its "Tenant Restrictions" document.

Tenant Restrictions version 2 was described as "preventing information leaks due to token infiltration, anonymous access of external SharePoint online data, or anonymous join of external Teams meetings, and enables secure external collaboration," per the announcement. It works with all Office apps and the Microsoft Edge browser, plus Universal Windows Platform .NET apps.

Compliance and Security
Microsoft announced the "general availability of machine learning-enabled source code classifier" for the Microsoft Purview Information Protection service. Also, the Microsoft Purview eDiscovery service has new APIs "to help automate compliance workflows," as explained in this Build session video.

Microsoft also announced a "Secure Supply Chain Consumption Framework Simplified Requirements guide," which aims to help developers "improve your open source software (OSS) consumption practices."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

