Microsoft starts multi-factor authentication for Windows Azure

Microsoft is now offering preview version of multi-factor authentication capabilities to Windows Azure to allow enterprises to secure employee, partner and customer access to cloud applications.

According to Microsoft, the feature is another layer of protection when accessing Office 365, Windows Azure, Windows Intune, Dynamics CRM Online, and many other tools that are integrated with Windows Azure Active Directory (WAAD).

Microsoft’s new service, Active Authentication, works by adding an extra step to the sign in process: after a user enters their username and password, they are required to also authenticate in one of three ways: using the Active Authentication app on their mobile device, via an automated phone call, or via an automated text message (SMS).

It offers the following capabilities:

Rapid set up: To enable multi-factor authentication, add the Active Authentication service to your Windows Azure AD tenant and turn it on for your users. You can also add the service to your custom applications using just a few lines of code.

Automated Enrollment: WAAD users enroll their own phone numbers and set authentication preferences during the standard sign in process. There are no tokens to provision and ship, Microsoft says, so you can quickly enable the service for users around the globe.

Scalable: Active Authentication is “reliable and scalable and supports high-volume, mission critical applications and large-scale employee, partner, and customer deployments,” according to Microsoft.

Unfortunately, it’s not free. Active Authentication $1.00 per user per month or $1.00 for every 10 authentications, but Microsoft plans to double that when it deems the service ready for general availability.