What is Microsoft Entra Verified ID?

Microsoft Entra Verified ID is a component of the Microsoft Entra Suite, designed to securely manage and verify digital identities. It enables organizations to issue, manage, and verify credentials, ensuring secure access to applications and services. For example, companies can use Verified ID to issue digital employee IDs, enabling employees to easily verify their identity and access secure resources.

How Microsoft Entra Verified ID works

 https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-verified-id

1. Credential Issuance

Issuers, such as companies or government bodies, create and issue verifiable credentials to individuals. These credentials adhere to the W3C Verifiable Credentials standard, ensuring they are interoperable (i.e., can work across different platforms and systems seamlessly) and secure.

  • Creating the Credential: The issuer generates a digital credential containing relevant information, like an employee ID or professional certification.
  • Signing the Credential: The credential is cryptographically signed, ensuring authenticity and integrity.
  • Issuing the Credential: The signed credential is issued to the individual and stored in their digital wallet.

2. Credential Storage

Holders, such as individuals, receive and store their credentials in a secure digital wallet on their smartphone or another device.

  • Secure Storage: The credentials are protected using encryption to ensure they can't be tampered with.
  • User Control: Individuals decide when and with whom to share their credentials.

3. Credential Verification

Verifiers, such as employers or service providers, request proof of certain credentials.

  • Requesting Proof: The verifier asks for the individual's verifiable credential.
  • Presenting Credential: The individual shares the credential from their digital wallet.
  • Verifying Authenticity: Cryptographic methods are used to confirm the credential's validity, checking against a decentralized ledger or trusted registry.

Face Check Feature

Face Check is an advanced feature within the Microsoft Entra Suite that enhances identity verification through high-assurance facial matching. This is a more rigorous comparison process that ensures accuracy and reliability beyond standard facial recognition: unlike standard recognition, high-assurance matching includes additional checks for liveness and identity spoofing attempts. Face Check works alongside ID Protection and ID Governance controls to ensure users are who they claim to be. It is particularly beneficial in scenarios requiring strong identity proofing, such as password resets or account recovery.

https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-verified-id

Adding Face Check introduces an extra layer of assurance by verifying a user’s "liveness" at the moment of credential use. Organizations can tailor their use of Face Check according to the risk associated with specific actions, allowing for more granular control.

Technical Framework

Standards and Protocols

  • W3C Verifiable Credentials: Ensures credentials are secure and interoperable.
  • Decentralized Identifiers (DIDs): Provides a unique identifier for each credential, supporting secure and private identity management.

Integration with Existing Systems

  • Compatibility: Integrates smoothly with existing identity management systems like Microsoft Entra ID.
  • API and SDK Support: Offers APIs and SDKs for developers to incorporate Verified ID into their apps and services.

Insights

Bypassing Face Check? Microsoft Entra Verified ID uses Azure AI Vision Face API for liveness detection. It verifies the authenticity of a person in real-time by analyzing live footage taken with the user's device camera. This robust detection technology prevents identity spoofing, including attempts involving photos, pre-recorded videos, or deepfakes.

Where Does My Face Check Data Go? When a Face Check is conducted, a selfie is taken on the user’s device and processed via Microsoft Entra Verified ID, using Azure AI Vision for comparison. The selfie image is immediately discarded once verification is complete, ensuring no retention on the device or by Microsoft. The verifier only receives a confidence score, not the image itself, preserving user privacy.
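Because the verifier receives only a confidence score, the risk-based tailoring described under Face Check comes down to a verifier-side policy over that score. The sketch below is an added example, not code from the original post or from Microsoft: the payload field names are modeled on a Verified ID presentation callback and treated as assumptions, and the thresholds, action names, issuer DID and state value are constructed for illustration.

```python
from dataclasses import dataclass

# Assumed minimum match confidence (percent) per action; None = no Face Check.
# Illustrative values chosen for this example, not Microsoft guidance.
THRESHOLDS = {"view_profile": None, "password_reset": 70.0, "account_recovery": 90.0}
TRUSTED_ISSUERS = {"did:web:issuer.example"}  # constructed issuer DID

@dataclass
class Decision:
    allow: bool
    reason: str

def evaluate(callback: dict, action: str, expected_state: str) -> Decision:
    """Fail-closed check of a presentation callback against a per-action policy."""
    if action not in THRESHOLDS:
        return Decision(False, "unknown action")
    if callback.get("requestStatus") != "presentation_verified":
        return Decision(False, "presentation not verified")
    # The state value ties the callback to the request this session started.
    if callback.get("state") != expected_state:
        return Decision(False, "state mismatch")
    creds = callback.get("verifiedCredentialsData") or []
    if not creds:
        return Decision(False, "no credential presented")
    cred = creds[0]
    if cred.get("issuer") not in TRUSTED_ISSUERS:
        return Decision(False, "untrusted issuer")
    required = THRESHOLDS[action]
    if required is None:
        return Decision(True, "face check not required")
    score = (cred.get("faceCheck") or {}).get("matchConfidenceScore")
    # A missing or non-numeric score is a denial, never an implicit pass.
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return Decision(False, "face check result missing")
    if score < required:
        return Decision(False, f"score {score} below required {required}")
    return Decision(True, "face check passed")

def sample(score=None, issuer="did:web:issuer.example", state="s-123"):
    """Constructed callback payload; not captured from a real service."""
    cred = {"issuer": issuer, "type": ["VerifiedEmployee"]}
    if score is not None:
        cred["faceCheck"] = {"matchConfidenceScore": score}
    return {"requestStatus": "presentation_verified", "state": state,
            "verifiedCredentialsData": [cred]}

if __name__ == "__main__":
    for action, cb in [("password_reset", sample(82.5)),
                       ("account_recovery", sample(82.5)),
                       ("account_recovery", sample())]:
        print(action, evaluate(cb, action, "s-123"))
```

The same score of 82.5 passes the password-reset policy and fails account recovery, and a callback that carries no Face Check result is denied wherever the action requires one.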

 
