Multifactor authentication operates as a critical defense mechanism for securing user identities against targeted cyber attacks. Microsoft reports that implementing MFA effectively reduces the risk of account compromise by more than 99%.
To expand these protections, Microsoft has announced the General Availability of external multifactor authentication for Microsoft Entra ID.
This release removes previous platform limitations, enabling organizations to integrate trusted third-party MFA providers natively into their central identity control plane.
Microsoft Entra ID MFA Feature
The new external MFA capability relies entirely on the OpenID Connect (OIDC) standard. This standardized approach allows identity administrators to connect their preferred third-party MFA solutions without circumventing core policy enforcement.
Once integrated, these external authentication methods are managed directly alongside native Microsoft Entra ID options.
Configure external MFA in Microsoft Entra ID (source: Microsoft)
Security teams benefit from a unified management interface to monitor and configure all authentication activities across the enterprise infrastructure.
A primary technical advantage of this architecture is its seamless integration with Conditional Access policies. Every user sign-in routed through an external MFA provider still undergoes a full security evaluation.
The system continues to perform real-time risk assessments and enforces configured session controls. Administrators can fine-tune sign-in frequency requirements to balance user productivity with strict security standards.
Microsoft advises security teams to configure these prompts carefully, as overly frequent reauthentication requests can condition users to approve malicious prompts and increase susceptibility to phishing.
External MFA resolves several complex identity management challenges for enterprise environments.
Sign-in with external MFA (source: Microsoft)
The feature specifically targets organizations dealing with fragmented identity systems or strict external requirements.
This release officially initiates the phase-out of legacy authentication integration methods. The new external MFA framework completely replaces the older Custom Controls feature within Microsoft Entra ID.
Microsoft has scheduled the formal deprecation of Custom Controls for September 30, 2026. Existing custom configurations will continue to function for the next six months, giving administrators adequate time to complete their migration to the new OIDC-based architecture.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Microsoft Entra ID New Feature Removes MFA Limitations for Users appeared first on Cyber Security News.
