At Microsoft, our mission is to empower every person and every organization on the planet to achieve more. This mission is grounded in both the world in which we live and the future we strive to create.
Today, we live in a mobile-first, cloud-first world, and the transformation we are driving across our businesses is designed to enable our customers to thrive in this world. We do business in over 120 countries and are made up of 182,000 passionate employees dedicated to fulfilling our mission of helping you and your organization achieve more.
Microsoft enables digital transformation for the era of an intelligent cloud and an intelligent edge. Our platforms and tools help drive small business productivity, large business competitiveness, and public-sector efficiency. We offer an array of services, including cloud-based solutions that provide customers with software, services, and platforms, and we provide solution support and consulting services.
Main office address
Microsoft Reading,
UK Headquarters
Thames Valley Park
Reading
RG6 1WG
Key Products / Services / Sectors (USPs)
Microsoft’s Azure Active Directory (Azure AD) is a comprehensive digital identity cloud solution for your employees, partners, and customers. It combines directory services, advanced identity governance, application access management, verifiable credential service and a rich standards-based platform for all their apps across cloud and on-premises. Azure AD includes the following solutions to meet all your digital identity needs:
- Azure Active Directory B2C – manage your customers’ identities and access.
- The new Azure Active Directory Verified Credentials Service enables users to independently generate, present, and verify identity claims.
- Azure Active Directory B2B – invite external users into your Azure AD tenant as guest users and assign permissions for authorization while they use their existing credentials for authentication.
- Microsoft Identity Platform – allows developers to integrate modern, standards-based authentication and authorization into the apps your users and customers use, and includes open-source libraries and application management tools.
- Microsoft Azure Active Directory B2C
Azure Active Directory B2C (Azure AD B2C) is a customer identity access management (CIAM) solution capable of supporting millions of users and billions of authentications per day. It takes care of the scaling and safety of the authentication platform, monitoring and automatically handling threats like denial-of-service, password spray, or brute force attacks. Key features include:
Custom-branded identity solution: Azure AD B2C is a white-label authentication solution. You can customize the entire user experience with your brand so that it blends seamlessly with your web and mobile applications. Customize every page displayed by Azure AD B2C when your users sign up, sign in, and modify their profile information.
Single sign-on access with a user-provided identity: Azure AD B2C uses standards-based authentication protocols including OpenID Connect, OAuth 2.0, and SAML. It integrates with most modern applications and commercial off-the-shelf software. By serving as the central authentication authority for your web applications, mobile apps, and APIs, Azure AD B2C enables you to build a single sign-on (SSO) solution for them all.
Integration with external user stores: Azure AD B2C provides a directory that can hold 100 custom attributes per user. However, you can also integrate with external systems. Azure AD B2C can also facilitate collecting the information from the user during registration or profile editing, then hand that data off to the external system. Then, during future authentications, Azure AD B2C can retrieve the data from the external system and, if needed, include it as a part of the authentication token response it sends to your application.
Progressive profiling/step up authentication: Another user journey option includes progressive profiling or step-up authentication. Progressive profiling allows your customers to quickly complete their first transaction by collecting a minimal amount of information. Then, gradually collect more profile data from the customer, as needed, on future sign-ins.
Third-party identity verification and proofing: facilitate various levels of identity verification and proofing by collecting user data, then passing it to a third-party system to perform validation, trust scoring, and approval for digital identity creation.
Protect and govern access: safeguard user credentials using a Zero Trust approach, where the organization always verifies first before a user or device is trusted. This is based on strong multi-factor authentication and intelligent Conditional Access policies in Azure AD, combined with endpoint management and security in M365 E3/E5. For the fourth year in a row, Microsoft is a worldwide leader in the Magic Quadrant for Access Management.
Seamless omnichannel experience: Leveraging the omnichannel capabilities of Microsoft Dynamics 365 in combination with solutions from our extensive network of partners, you can create a seamless omnichannel platform powered by Microsoft Azure to create a frictionless experience for your customers and partners across all channels.
Secure, flexible cloud environments: Microsoft offers Azure Active Directory deployed in the global public cloud, isolated national clouds or other private clouds designed to make sure that data residency, sovereignty, and compliance requirements are respected. Azure Active Directory Domain Services reduces the complexity of migrating on-premises apps to Azure and handles infrastructure when running apps both on-premises and in the cloud.
- Azure Active Directory Verifiable Credentials (Public Preview)
Decentralized identity is a trust framework in which digital identities can be created that are self-owned, standards-based, and enable data exchange using blockchain and distributed ledger technology to protect privacy and secure transactions.
Microsoft’s verifiable credential solution will equip organizations to take advantage of decentralized identity, by allowing identity owners to generate, present, and verify digital identities. This innovative approach empowers the user while allowing trust to be established between a user and service provider.
Azure Active Directory Verifiable Credentials is currently in public preview which means certain features might not be supported or might have constrained capabilities. Visit microsoft.com to sign up for the Microsoft Azure AD Verifiable Credentials public preview.
- Microsoft Azure Active Directory B2B
Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company’s applications and services with guest users from any other organization, while maintaining control over your own corporate data. Work safely and securely with external partners, large or small, even if they don’t have Azure AD or an IT department. A simple invitation and redemption process lets partners use their own credentials to access your company’s resources. Developers can use the Azure AD business-to-business APIs to customize the invitation process or write applications such as self-service sign-up portals. With Azure AD B2B, organizations can:
- Collaborate with any partner using their identities
- Easily invite guest users from the Azure AD portal
- Use policies to securely share your apps and services
- Let application and group owners manage their own guest users
- Customize the onboarding experience for B2B guest users
- Integrate with Identity providers
- Create a self-service sign-up user flow
- Microsoft Identity Platform for Developers
The Microsoft identity platform offers integration of modern innovations in the identity and security space like password-less authentication, step-up authentication, and Conditional Access. You don’t need to implement such functionality yourself: applications integrated with the Microsoft identity platform natively take advantage of such innovations. There are several components that make up the Microsoft identity platform:
- Standards-based authentication service: compliance with OAuth 2.0, SAML and OpenID Connect, enabling developers to authenticate several identity types, including:
  - Work or school accounts, provisioned through Azure AD
  - Personal Microsoft accounts, such as Skype, Xbox, and Outlook.com
  - Social or local accounts, by using Azure AD B2C
- Open-source libraries: Microsoft Authentication Libraries (MSAL) and support for other standards-compliant libraries
- Application management portal: A registration and configuration experience in the Azure portal, along with the other Azure management capabilities.
- Application configuration API and PowerShell: Programmatic configuration of your applications through the Microsoft Graph API and PowerShell so you can automate your DevOps tasks.
- Automated identity protection: automatically detect, investigate, and remediate identity risks for users and export all the information that was collected about risks to third-party tools and solutions so that you can further analyze it.
- Developer content: Technical documentation including tutorials, how-to guides, and code samples.
Azure AD Support Options
There is a range of Azure AD support options that lets the customer choose the plan that best fits, whether you’re a developer just starting your cloud journey or a large organization deploying business-critical, strategic applications. All Azure customers can access self-help options (Microsoft Learn, Azure portal how-to videos, documentation, and community support) or submit a request for help using the Azure portal.
Services
- Supports eID: Yes / No
- Area of focus: Consumers / Internal services (enterprise)
- Identity provisioning (IdP): As-a-Platform / API / As-a-Service / Wallet/SDK
- Hub: On-board RPs / Offer translation of protocols / Handles federation / Integrate RPs/IDPs/Wallets / Can offer consent capture if required
- Attribute brokerage: Can capture self-asserted / Can verify self-asserted / Can integrate with third parties (e.g. Open Banking) / Supports verified claims (VCs)
- Verification services/support: Not supported / N/A / Yes – third-party verifiers used (including Open Banking) / Yes – in-house verification service
- Authentication: Password/username / Multiple factors (MFA) / Biometric / FIDO / Mobile device / Other
- Data store functionality: Attribute storage / Attribute sharing / Configurable for specific sectors (e.g. health) / Use decentralised stores (e.g. wallets or online) / Can offer consent capture/handling
- Account management for users: Yes / No / On request
- Account recovery: Self-service / Help desk / Key management required by user
- Channel support: Omni-channel / Web / Mobile / Digital assistant / Wallet / Other
- Protocol support: SAML 2.0 / OIDC / OAuth / UMA / DID (decentralised identifiers)
- Third-party capability: External / Internal / Other
- Other: Risk-based authentication / Anti-fraud support / Data minimisation support / Consent management / Variable registration (multi-user journey support) / Support for accessibility / Logging and audit / Billing system
- User journeys: Self-service / Offline options, incl. F2F / Upgrade paths to increase assurance levels over time / Creation of delegated accounts
- Rules: To modify system behaviour / For risk-based authentication / To use events to drive transactions / To manage user journeys, including verification / To handle LOA upgrades/downgrades
- API available: Yes / No
- Wallet-based systems: Wallet available / SDK available / Decentralised / Handle payments / Handle identity documents (e.g. driver’s licence) / Handle health information (e.g. vaccine certificates) / Other
Testimonials
“We chose the Azure platform because of its flexibility, extensive range of managed services, and highly integrated, multilayered approach to securing workloads. Azure exceeded the stringent security requirements, with its policies, end-to-end encryption, anomaly detection, and other capabilities. Using managed services on Azure helped us deliver the NHS App in a really rapid timeline and spend our time focusing on user needs rather than reinventing the wheel.”
Caoimhin Graham, Principal Architect, Kainos
“Using the combination of Cloud App Security and Azure AD helps us detect unusual patterns of behavior, expand more risk-based checks, and enforce user access, granting it only to devices and locations that we know are right.”
Chris Eaton, Director, Security Strategy and Architecture, BP
“We can use the Microsoft cloud to create applications that are HIPAA-compliant and meet the requirements for the General Data Protection Regulation (GDPR). We have to get accreditation in the UK and in other countries where we operate, so Microsoft’s investments into security and compliance for their platform make that a lot easier.”
John Kosobucki, Chief Technology Officer, OX.DH