The Fastest Way to MFA Is Easier Than You Think — With the HID and Microsoft Entra ID Integration
How the HID Entra ID Integration Simplifies the Path to Passwordless
Few enterprise security professionals need to be reminded about the problem with passwords.
The statistics are as sobering as they are familiar: 70% of data breaches involve compromised credentials. The average cost of a data breach stands at $4.88 million.
Why, then, do 76% of organizations still use passwords as primary credentials, and only 40% rely on MFA?
I had a conversation with Eleanor Falla, Senior Product Manager at Microsoft Security, on how the most common issue is strategic — executives are interested in passwordless technologies, but they aren’t sure how to get started. What’s the best way to integrate modern multi-factor authentication (MFA) with legacy technologies? Would passkeys or PKI/certificate-based authentication (CBA) fit their end-to-end authentication journeys? Is it worth considering different authentication options for different populations of users?
In this article, I’ll explain how the HID and Microsoft Entra ID integration simplifies MFA adoption — and how it fits into a phased approach that can help IT security leaders accelerate their organizations’ path to fully phishing-resistant authentication.
Find Your Unique MFA Journey
Microsoft research suggests that MFA reduces the risk of compromise by more than 99.2%. Unfortunately, MFA solutions take time to implement, let alone adopt across the enterprise.
Legacy systems require significant updates to accommodate modern authentication methods. It is costly for organizations to acquire new devices, and users might be resistant to carrying an additional device. Lastly, comprehensive change management efforts are needed to ensure a successful implementation and outcome.
The first step, though, is finding solutions that increase security now while building momentum for the future.
HID’s integrations with Microsoft give organizations straightforward, strong MFA options to meet them where they are, while supporting the move to completely phishing-resistant MFA. These different options are powered by the HID Authentication Platform portfolio, and they include:
The Fastest Way to MFA With Physical Access Cards
For organizations that are just starting to explore MFA, the best solution is often the simplest — one that leverages form factors that are familiar to users and systems that are already in place.
The HID Entra ID External Authentication Method (EAM) integration represents one of the fastest and most convenient ways to implement MFA because it enables organizations to use existing physical access cards as a factor to access all applications that are protected by the Entra ID identity and access management service, such as Microsoft 365 and the Azure portal.
This solution uses HID’s Authentication Service and simplifies MFA deployment while preventing users from having to carry an additional device.
Here’s how it works: users select HID as their MFA method and are redirected to the Authentication Service. To complete the authentication process, they simply tap their badge on a dedicated reader.
Going Hybrid – Choosing the Best MFA Method for Each Use Case
Today’s organizations serve a variety of user groups, each with specific security needs and varying levels of technical proficiency. HID’s broad range of authentication methods and form factors makes it easy to tailor authentication journeys that fit each situation.
If only part of the workforce requires passkeys today, organizations can combine different authentication methods, such as HID as an EAM with physical access cards alongside Crescendo Cards or Keys for employees who require phishing-resistant MFA.
A hybrid approach maximizes flexibility in situations where a single technology does not fit all user groups.
Fully Passwordless with Phishing-Resistant MFA
Ready to go fully passwordless? Future-proof your authentication through our Crescendo product line, including smart cards and security keys equipped with FIDO technology (device-bound passkeys) as well as PKI/CBA. These powerful authenticators enable organizations to shift to a completely phishing-resistant, passwordless journey, and they’re also fully compatible with Microsoft and hybrid environments.
Crescendo Cards are an easy transition for employees who — through the HID Entra ID EAM integration — have grown accustomed to using physical cards to access both physical and digital resources. Crescendo Cards will offer a similar experience, but without the need for passwords. Other organizations may feel users are ready for Crescendo Cards or Keys without the intermediary step.
Preparing for a Phased Approach to Passwordless Adoption
HID and Microsoft support a phased approach to passwordless that leverages solutions like the Entra ID EAM integration to meet enterprises where they are on the journey to phishing-resistant authentication.
The key insight? Selecting the best MFA solution isn’t about finding a technology that fits all needs and use cases. It’s about tailoring a framework that optimizes the user experience and aligns with your organization’s existing technology environment, business needs and compliance mandates. And it doesn’t have to happen all at once.
I refer to this concept as “crawl, walk, run” — because the move to passwordless doesn’t have to be a sudden, all-encompassing shift in process and technology, but can be a set of carefully plotted journeys that build momentum over time.
- Are users ready? Decide on which user group to target first – it may make sense to start with groups of users that are relatively sophisticated before moving on to more complex scenarios or before implementing for the full organization.
- What devices do you need? Evaluate which devices already support a move to passwordless versus areas that will require additional investments and upgrades.
- How will you encourage users to register? Targeted communications campaigns can help encourage users to register for the MFA and/or passwordless technologies you’re rolling out.
- How will you drive usage? Once you’ve implemented new authentication methods, keep in touch with users to answer questions and remind them why the change is important.
- How will you enforce phishing resistance? As usage ticks up, you can start using techniques like conditional access to enforce passwordless authentication on specific accounts and scenarios.
Cracking the MFA Code
It’s easy to be daunted by the size and frequency of today’s enterprise data breaches. The good news? Small steps can make a big difference when it comes to protecting your organization. HID’s comprehensive suite of MFA products and technologies makes it easy to get started — and transition to more secure options as employees adapt to the change.
HID puts authentication on your terms — in Microsoft environments and beyond.