Microsoft, RSA Make Identity Security Push in the Age of AI

The identity security market is reaching a tipping point as organizations juggle legacy authentication tools and the surge of AI‑driven workloads. Enterprises that have invested heavily in specialized MFA solutions often face costly migrations when adopting cloud‑first platforms. By opening Entra ID to external MFA providers through a standards‑based OpenID Connect bridge, Microsoft offers a low‑friction path that preserves regulatory compliance and reduces operational friction, while still leveraging its robust Conditional Access engine for real‑time risk assessment.

From an IT operations perspective, the GA of external MFA addresses a long‑standing pain point: managing disparate authentication stacks across on‑premises, hybrid, and multi‑cloud environments. Administrators gain a single pane of glass to configure sign‑in frequency, session controls, and risk policies, eliminating the need for the now‑deprecated Custom Controls framework slated for September 2026. This consolidation not only streamlines governance but also cuts licensing overhead, as organizations can retain existing MFA investments rather than repurchasing Microsoft’s native solution.

RSA’s partnership amplifies the narrative by targeting the "AI workforce"—software agents that increasingly act as privileged users. With non‑human identities already outnumbering humans 17‑to‑1, the need for high‑assurance, phishing‑resistant authentication and contextual risk intelligence is urgent. RSA’s ID Plus, now available as an external MFA option within Entra, extends consistent identity policies to AI agents, aligning with Gartner’s forecast that 33% of enterprise applications will embed agentic AI by 2028. Together, these developments lay the groundwork for a more resilient, unified identity fabric that can scale with both human and machine actors.