The Digital ID Directory

At Microsoft, our mission is to empower every person and every organization on the planet to achieve more. This mission is grounded in both the world in which we live and the future we strive to create.

Today, we live in a mobile-first, cloud-first world, and the transformation we are driving across our businesses is designed to enable our customers to thrive in this world. We do business in over 120 countries and are made up of 182,000 passionate employees dedicated to fulfilling our mission of helping you and your organization achieve more.

Microsoft enables digital transformation for the era of an intelligent cloud and an intelligent edge. Our platforms and tools help drive small business productivity, large business competitiveness, and public-sector efficiency. We offer an array of services, including cloud-based solutions that provide customers with software, services, and platforms, and we provide solution support and consulting services.

Main office address

Microsoft Reading,
UK Headquarters
Thames Valley Park
Reading
RG6 1WG

Telephone number

0344 800 2400

Website

www.microsoft.com/en-gb

Key Products / Services / Sectors (USPs)

Microsoft’s Azure Active Directory (Azure AD) is a comprehensive digital identity cloud solution for your employees, partners, and customers. It combines directory services, advanced identity governance, application access management, verifiable credential service and a rich standards-based platform for all their apps across cloud and on-premises. Azure AD includes the following solutions to meet all your digital identity needs:

Azure Active Directory B2C – manage your customers’ identities and access.

    • The new Azure Active Directory Verified Credentials Service enables users to independently generate, present, and verify identity claims.

Azure Active Directory B2B – Invite external users into your Azure AD tenant as guest users and assign permissions for authorization while they use their existing credentials for authentication.

Microsoft Identity Platform – allows developers to integrate modern, standards-based authentication and authorization solutions into the apps your users and customers use, and includes open-source libraries and application management tools.

  1. Microsoft Azure Active Directory B2C

Azure Active Directory B2C (Azure AD B2C) is a customer identity access management (CIAM) solution capable of supporting millions of users and billions of authentications per day. It takes care of the scaling and safety of the authentication platform, monitoring and automatically handling threats like denial-of-service, password spray, or brute force attacks. Key features include:

Custom-branded identity solution: Azure AD B2C is a white-label authentication solution. You can customize the entire user experience with your brand so that it blends seamlessly with your web and mobile applications. Customize every page displayed by Azure AD B2C when your users sign up, sign in, and modify their profile information.

Single sign-on access with a user-provided identity: Azure AD B2C uses standards-based authentication protocols including OpenID Connect, OAuth 2.0, and SAML. It integrates with most modern applications and commercial off-the-shelf software. By serving as the central authentication authority for your web applications, mobile apps, and APIs, Azure AD B2C enables you to build a single sign-on (SSO) solution for them all.

Integration with external user stores: Azure AD B2C provides a directory that can hold 100 custom attributes per user. However, you can also integrate with external systems. Azure AD B2C can also facilitate collecting the information from the user during registration or profile editing, then hand that data off to the external system. Then, during future authentications, Azure AD B2C can retrieve the data from the external system and, if needed, include it as a part of the authentication token response it sends to your application.

Progressive profiling/step-up authentication: Another user journey option includes progressive profiling or step-up authentication. Progressive profiling allows your customers to quickly complete their first transaction by collecting a minimal amount of information. You can then gradually collect more profile data from the customer, as needed, on future sign-ins.

Third-party identity verification and proofing: facilitate various levels of identity verification and proofing by collecting user data, then passing it to a third-party system to perform validation, trust scoring, and approval for digital identity creation.

Protect and govern access: safeguard user credentials using a Zero Trust approach where the organization always verifies first before a user or device is trusted. This approach is based on strong multi-factor authentication and intelligent conditional access policies in Azure AD, combined with endpoint management and security in M365 E3/E5. For the fourth year in a row, Microsoft is a worldwide leader in the Magic Quadrant for Access Management.

Seamless omnichannel experience: Leveraging the omnichannel capabilities of Microsoft Dynamics 365 in combination with solutions from our extensive network of partners, you can create a seamless omnichannel platform powered by Microsoft Azure to create a frictionless experience for your customers and partners across all channels.

Secure, flexible cloud environments: Microsoft offers Azure Active Directory deployed in the global public cloud, isolated national clouds or other private clouds designed to make sure that data residency, sovereignty, and compliance requirements are respected. Azure Active Directory Domain Services reduces the complexity of migrating on-premises apps to Azure and handles infrastructure when running apps both on-premises and in the cloud.

  • Azure Active Directory Verifiable Credentials (Public Preview)

Decentralized identity is a trust framework in which digital identities can be created that are self-owned, standards-based, and enable data exchange using blockchain and distributed ledger technology to protect privacy and secure transactions.

Microsoft’s verifiable credential solution will equip organizations to take advantage of decentralized identity, by allowing identity owners to generate, present, and verify digital identities. This innovative approach empowers the user while allowing trust to be established between a user and service provider.

Azure Active Directory Verifiable Credentials is currently in public preview, which means certain features might not be supported or might have constrained capabilities. Visit microsoft.com to sign up for the Microsoft Azure AD Verifiable Credentials public preview.

  2. Microsoft Azure Active Directory B2B

Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company’s applications and services with guest users from any other organization, while maintaining control over your own corporate data. Work safely and securely with external partners, large or small, even if they don’t have Azure AD or an IT department. A simple invitation and redemption process lets partners use their own credentials to access your company’s resources. Developers can use Azure AD business-to-business APIs to customize the invitation process or write applications like self-service sign-up portals. With Azure AD B2B, organizations can:

  • Collaborate with any partner using their identities
  • Easily invite guest users from the Azure AD portal
  • Use policies to securely share your apps and services
  • Let application and group owners manage their own guest users
  • Customize the onboarding experience for B2B guest users
  • Integrate with Identity providers
  • Create a self-service sign-up user flow

  3. Microsoft Identity Platform for Developers

The Microsoft identity platform offers integration of modern innovations in the identity and security space like password-less authentication, step-up authentication, and Conditional Access. You don’t need to implement such functionality yourself: applications integrated with the Microsoft identity platform natively take advantage of such innovations. There are several components that make up the Microsoft identity platform:

  • Standards-based authentication service: compliance with OAuth 2.0, SAML and OpenID Connect, enabling developers to authenticate several identity types, including:
    • Work or school accounts, provisioned through Azure AD
    • Personal Microsoft account, like Skype, Xbox, and Outlook.com
    • Social or local accounts, by using Azure AD B2C
  • Open-source libraries: Microsoft Authentication Libraries (MSAL) and support for other standards-compliant libraries
  • Application management portal: A registration and configuration experience in the Azure portal, along with the other Azure management capabilities.
  • Application configuration API and PowerShell: Programmatic configuration of your applications through the Microsoft Graph API and PowerShell so you can automate your DevOps tasks.
  • Automated identity protection: automatically detect, investigate, and remediate identity risks for users and export all the information that was collected about risks to third-party tools and solutions so that you can further analyze it.
  • Developer content: Technical documentation including tutorials, how-to guides, and code samples.

Azure AD Support Options

There is a range of Azure AD support options that allows you to choose the plan that best fits, whether you’re a developer just starting your cloud journey or a large organization deploying business-critical, strategic applications. All Azure customers can access self-help options (Microsoft Learn, Azure portal how-to videos, documentation, and community support) or submit a request for help using the Azure portal.

Services

Supports eID

Yes

No

Area of focus

Consumers

Internal services (enterprise)

Identity provisioning (IdP)

As-a-Platform

API

As-a-Service

Wallet/SDK

Hub

On-board RPs

Offer translation of protocols

Handles federation

Integrate RPs/IDPs/Wallets

Can offer consent capture if required

Attribute brokerage

Can capture self-asserted

Can verify self-asserted

Can integrate with third parties (eg Open Banking)

Supports verified claims (VCs)

Verification services/support

Not supported

N/A

Yes – third party verifiers used (including Open Banking)

Yes – In-house verification service

Authentication

Password/username

Multiple factors (MFA)

Biometric

FIDO

Mobile device

Other

Data store functionality

Attribute storage

Attribute sharing

Configurable for specific sectors (e.g. health)

Use decentralised stores (eg Wallets or online)

Can offer consent capture/handling

Account management for users

Yes

No

On request

Account recovery

Self-service

Help desk

Key management required by user

Channel support

Omni-channel

Web

Mobile

Digital assistant

Wallet

Other

Protocol support

SAML 2.0

OIDC

OAuth

UMA

DID (decentralised identifiers)

Third party capability

External

Internal

Other

Other

Risk-based authentication

Anti-fraud support

Data minimisation support

Consent management

Variable registration (multi-user journey support)

Support for accessibility

Logging and audit

Billing system

User Journeys

Self-service

Offline options, incl. F2F

Upgrade paths to increase assurance levels over time

Creation of delegated accounts

Rules

To modify system behaviour

For risk-based authentication

To use events to drive transactions

To manage user journeys, including verification

To handle LOA upgrades/downgrades

API available

Yes

No

Wallet-based systems

Wallet available

SDK available

Decentralised

Handle payments

Handle identity documents (eg driver’s license)

Handle health information (eg vaccine certificates)

Other

Testimonials

“We chose the Azure platform because of its flexibility, extensive range of managed services, and highly integrated, multilayered approach to securing workloads. Azure exceeded the stringent security requirements, with its policies, end-to-end encryption, anomaly detection, and other capabilities. Using managed services on Azure helped us deliver the NHS App in a really rapid timeline and spend our time focusing on user needs rather than reinventing the wheel.”

Caoimhin Graham: Principal Architect, Kainos

“Using the combination of Cloud App Security and Azure AD helps us detect unusual patterns of behavior, expand more risk-based checks, and enforce user access, granting it only to devices and locations that we know are right.”

Chris Eaton, Director, Security Strategy and Architecture, BP

“We can use the Microsoft cloud to create applications that are HIPAA-compliant and meet the requirements for the General Data Protection Regulation (GDPR). We have to get accreditation in the UK and in other countries where we operate, so Microsoft’s investments into security and compliance for their platform make that a lot easier.”

John Kosobucki: Chief Technology Officer, OX.DH

Clients

Partners

Kainos

OX.DH

Acuant

Jumio

Idemia

LexisNexis Risk Solutions

Onfido

Socure

VU Security

F5

Zscaler

Citrix

Akamai

Palo Alto

Cisco

Fortinet

Kemp

Strata

Ping Identity

Main point of contact

Email: MSUKIdentity@microsoft.com

Phone: 0344 800 2400