Feeds

Microsoft defends Azure with two-factor auth security

Like Amazon, but it costs money

Beginner's guide to SSL certificates

Updated Microsoft's multi-factor authentication service has gone into general availability, doubling prices and giving enterprises a service-level agreement.

Microsoft announced the general availability of the product in a blog post on Thursday. The MFA technology allows admins to add an additional layer of security to accounts using the company's cloud services.

Users can authenticate via an application on their mobile device, an automated voice call, or a text message. The technology was introduced in June of this year, and is based on assets it gained from its acquisition of PhoneFactor in October 2012.

The service works with on-premises VPNs and web applications via integrating with Windows Server Active Directory, as well as with cloud applications such as Windows Azure, Office 365, and Dynamics CRM.

"The Preview period allows time to get customer feedback on new features and offers before generally available," a Microsoft spokesperson told El Reg.

"The security architecture is fully in place and tested before services are made available to customers in Preview. When the service becomes generally available, an SLA is added and pricing discounts offered during Preview are removed."

Pricing for the tech is $2 per user per month, or $2 for 10 authentications, making Microsoft significantly more expensive than Amazon Web Services, which charges nothing for a similar service. Additionally, Amazon sells a hardware-based authentication device from Gemalto for $12.99, although it lacks a phonecall or text message option for authentication and relies on an smartphone-based key-generating app. ®

Update:

When asked why Microsoft does not have a hardware-based option, Redmond said: "Hardware tokens are difficult to set up, manage, and use. Windows Azure Multi-Factor Authentication leverages the phone instead for improved convenience. We do offer a software token method using the Multi-Factor Authentication app for smartphones, which works like a hardware token to generate a one-time passcode. This is included in the per user or per authentication fee."

Beginner's guide to SSL certificates

More from The Register

next story
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
Turnbull should spare us all airline-magazine-grade cloud hype
Box-hugger is not a dirty word, Minister. Box-huggers make the cloud WORK
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
Do you spend ages wasting time because of a bulging rack?
No more cloud-latency tea breaks for you, users! Get a load of THIS
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.