Moving to the cloud can help organizations enhance collaboration, reduce costs, and operate more efficiently. But it can also introduce new security vulnerabilities, challenge IT departments, and break processes that had been running using on-premises resources. Moreover, organizations that need to meet Cybersecurity Maturity Model Certification (CMMC 2.0) or Government Community Cloud (GCC) requirements face additional hurdles that can make moving to the cloud a slow, costly, and aggravating process.
That’s why RSA is working with Microsoft to secure and accelerate cloud migrations. The RSA External Authentication Method (EAM) integration can help Microsoft users move to the cloud securely, evolve their Zero Trust maturity, and gain further value from on-premises resources.
In 2024, Microsoft recognized that its customers may want to use additional security capabilities to protect users’ identities.
EAM integrations allow organizations to do just that: the RSA EAM integration allows organizations to protect access to Microsoft resources using RSA® ID Plus. The integration, which has already been deployed by hundreds of commercial and government customers, allows customers to deploy phishing-resistant, passwordless authentication capabilities like FIDO2 protocols, biometrics, and QR Code authentication, across cloud and hybrid environments.
RSA EAM ensures that organizations can bring nearly all RSA capabilities to bear on the authentication and sign-in processes.
That’s particularly noteworthy for high-risk events like credential recovery and secure enrollment. By leveraging RSA ID Plus, users can seamlessly and securely enroll into their organization with Identity Verification (IDV) while maintaining a high level of identity assurance.
This is particularly valuable for financial services institutions and other highly regulated industries, ensuring that every user starts with a strong and verified identity and protecting the entire identity lifecycle, reducing the risk of unauthorized access from the outset.
As more organizations move to the cloud, ensuring a secure transition is a top priority—especially for IT teams managing on-premises authentication infrastructures.
That initiative is particularly challenging for organizations exploring Entra ID. The Microsoft solution doesn’t support on-premises resources: organizations would need to move all resources, data, and applications to the cloud immediately to deploy Entra ID. Doing so would likely entail a complete overhaul of their existing infrastructure that requires substantial resources to migrate applications and data. This process can be time-consuming and may introduce new vulnerabilities.
The RSA EAM solution addresses this issue by allowing organizations to continue leveraging existing on-premise authenticators while expanding to the cloud, minimizing the disruption associated with such a major transition. With 70% of organizations operating in hybrid environments, organizations should be able to secure all users across all environments—without having their IT infrastructure or decision-making dictated by vendors’ limitations.
IT teams can use RSA EAM to protect cloud access using secure on-prem authenticators, providing continuity and security throughout their transition to the cloud—and the flexibility to move to the cloud at their own pace. With RSA EAM, IT teams can maintain their investments in existing authentication methods while extending their reach to secure cloud applications—making the journey to the cloud secure, seamless, and more efficient.
“We recognize the challenges faced by IT teams transitioning to the cloud, and RSA is here to empower them at every step,” says Kenn Chong, RSA Consultant Product Manager.
“Our approach is designed to help financial services and other highly regulated industries continue leveraging the authenticators they trust while securely enabling access to cloud environments. We simplify the complex transition process, allowing IT teams to focus on securing and scaling their infrastructure rather than worrying about compatibility or migration hurdles.”
RSA EAM can help organizations comply with the Microsoft multi-factor authentication (MFA) requirements for Azure sign-in and authentication. By integrating RSA EAM into their sign-in and authentications processes, organizations can ensure that their environments remain secure and keep their users connected to the services they need.
“This integration will provide our customers with even more flexibility and choice when it comes to securing their systems against the rising threat of phishing attacks,” said Natee Pretikul, Principal Product Management Lead, Microsoft Security.
RSA EAM also protects Windows Hello setup and provides our customers with a full suite of capabilities for comprehensive security coverage The solution can protect every entry point—from critical administrative access to the Windows Hello Experience—with a range of authentication protocols, including QR codes, biometrics, passkeys, and more.
This depth and breadth ensure that organizations can deploy modern authentication methods without compromising on security. It also allows IT administrators to streamline policy management without additional complexity, a key differentiator that makes our solution stand out.
Kenn Chong, RSA Consultant Product Manager, adds, “Our collaboration with Microsoft takes identity security to the next level by providing seamless and powerful integration. We’re not just offering another layer of security—we’re transforming how enterprises can protect their environments by making advanced multi-factor authentication accessible and easy to use. This level of security is exactly what’s needed for organizations that handle highly sensitive information and need unwavering compliance.”
For government contractors and organizations handling sensitive information, achieving compliance with GCC High standards is crucial. The RSA EAM integration meets these stringent requirements while maintaining flexibility for users accessing Azure and Office environments from non-GCC endpoints.
Brandon Hoffman, Deputy Director, Cloud Solutions & Systems, CIO, CNA commented on the RSA EAM integration and its ability to meet GCC high:
“We have been able to successfully authenticate using our RSA Tokens to our Azure environment now. Having more folks in IT/security test it out, but so far this looks like a transformative solution for us, and will allow us to provide much more flexibility for users accessing our Azure/Office environment from non-CAN endpoints.”
The RSA EAM integration helps organizations meet several CMMC 2.0 requirements, particularly those related to access control and multi-factor authentication(MFA). Here’s how RSA aligns with these compliance needs:
- Access Control (AC.L2-3.1.3): Enforce MFA for network access to privileged accounts: RSA EAM enables secure MFA for privileged accounts, such as Azure sign-in and administrative accounts. This capability helps organizations safeguard sensitive systems and comply with this critical access control requirement.
- Identification and Authentication (IA.L2-3.5.3): Use MFA for local and network access to privileged accounts and for network access to non-privileged accounts: RSA’s EAM provides the necessary infrastructure to meet this requirement through integration with Microsoft, ensuring secure access to critical resources.
- Access Control (AC): Employ multifactor authentication for access to non-privileged accounts: This helps organizations enforce MFA consistently across users, aligning with the requirements of CMMC 2.0.
These requirements are designed to enhance the security of sensitive information by ensuring robust identity verification practices. With RSA’s comprehensive MFA capabilities and strong integration with Microsoft, organizations can achieve compliance with CMMC 2.0, while advancing their Zero Trust maturity and reducing their attack surface.
When security leaders think of “better together,” they think of solutions that work seamlessly to eliminate gaps, reduce risk, and create a simpler experience.
That’s exactly what RSA and Microsoft have delivered with this integration—the ability to provide robust identity security that meets critical compliance requirements while adding a layer of trust for those who need it most. By leveraging the RSA EAM integration along with ID Plus, organizations can confidently address compliance needs, reduce risk, and accelerate their journey towards an optimal stage of Zero Trust maturity.
This combined solution not only delivers powerful security but also provides a seamless experience for administrators and end-users, ultimately enhancing productivity and offering peace of mind.
