Microsoft is trying to simplify cybersecurity with a new customer-facing identity solution. The Entra management system is built atop a Microsoft Azure foundation, and is akin to a digital wallet that allows users to store a wide range of credentials and identity documents.
The identity component of Entra has been dubbed Verified ID. End users would be able to choose what goes into their Verified ID account, and when to share that information with a third party like a bank, the government, or an employer. Microsoft stated that the platform is being designed in accordance with decentralized identity principles, though it is yet to offer too many details about what that looks in practice.
In terms of utility, Microsoft is hoping that Verified ID will give organizations an easy way to confirm someone’s identity in a matter of seconds. The solution is intended to replace outdated and more vulnerable verification methods like usernames and passwords, which can and have been stolen through security breaches and other means. Microsoft itself was recently the target of the Lapsus$ hacking group, whose members were able to use social engineering techniques to steal employee login information and gain illicit access to an Azure server.
Verified ID is supposed to centralize identity information to provide a more consistent user experience, and eliminate the need for separate login information for each app. That, in turn, should make people more attuned to scam attempts that deviate from that norm. The platform could store everything from diplomas and a doctor’s note through to IDs and employment credentials, and any credentials could also be revoked by the issuing party.
Having said that, Microsoft has not yet offered many details about the security capabilities of Verified ID itself. The company’s announcement indicates that it will use multi-factor authentication, in addition to location and device information, to confirm that an account is in the hands of its proper owner and detect potential malfeasance. However, there is still a chance that bad actors might be able to get around those systems with enough creativity.
Microsoft is planning to make Verified ID available to the public sometime in August. The move is in keeping with a broader trend in the tech industry, with giants like Apple and Google already moving forward with plans for their own digital wallets in the past few months.