December 16, 2024

Nametag Now Available As Microsoft Entra External Authentication Method (EAM)

by
Nametag Team
press@nametag.co

Get in touch with our PR team.

Download media kit

Logos and graphics to help you cover Nametag.

Nametag console showing a successful verification result

Enable Self-Service Account Recovery

Nametag sends MFA and password resets to self-service while protecting your helpdesk against social engineering.

Learn how

Nametag is now available as an External Authentication Method (EAM) for Microsoft Entra. Entra ID admins can quickly add Deepfake Defense identity verification as a flexible, ultra-secure secondary factor. Use Nameatag to elevate Entra account security during high-risk account protection scenarios like employee onboarding, MFA resets, and step-up authentication when detecting suspicious behavior.

What is an External Authentication Method (EAM) in Microsoft Entra?

To support the complex and diverse requirements of modern enterprises, Microsoft allows Entra customers to use certain third-party authentication providers in order to satisfy the second factor of a multi-factor authentication (MFA) policy. As Microsoft explains, “An EAM can satisfy MFA requirements from Conditional Access policies, Microsoft Entra ID Protection risk-based Conditional Access policies, Privileged Identity Management (PIM) activation, and when the application itself requires MFA.”

Why Should I Use Nametag for Entra MFA?

Entra provides numerous secondary factors to fulfill MFA requirements. But most of them are vulnerable to a wide range of cyberattacks. Security news sites are filled with a constant flow of stories about how threat actors broke or bypassed these factors.

2Most recently, in December 2024, researchers at Oasis Security reported that they cracked a Microsoft Azure MFA method in just an hour, allowing them to gain unauthorized access to a user’s account and view emails, files, Teams chats, Azure Cloud and more assets. This single flaw exposes more than 400 million paid Microsoft 365 seats to potential account takeover, the researchers say. 

Earlier this year, the “ONNX” MFA bypass also targeted Microsoft 365 accounts with a highly organized phishing-as-a-service operation. Attackers exploited a 2FA bypass mechanism that can intercept 2FA requests using encrypted JavaScript code.

It’s no wonder that attackers are constantly targeting Microsoft MFA; Microsoft accounts are so valuable, the benefits of cracking them are enormous. Instead of putting your trust in secondary factors which have already been beaten, use Nametag.

Compare: Common Microsoft Entra MFA Methods

  • SMS or Email One-Time Passcode (OTP)Moderate Friction / Low Security.
    • Text messages and email were never meant to be security protocols, and are a popular target.
  • Temporary Access Pass (TAP)High Friction/ Moderate Security.
    • A TAP can only be issued by an Entra admin, resulting in a barrage of costly IT helpdesk tickets.
  • Video Call: High Friction / Moderate Security.
  • Voice CallHigh Friction / Low Security.
    • Phone calls offer no assurance that the other person is really who they claim to be.
  • Microsoft Authenticator (Push Notification): Moderate Friction / Moderate Security.
    • Vulnerable to push fatigue and AitM attacks, and don’t work if a user has lost their phone.
  • Hardware Token (e.g. Yubikey): High Friction / High Security.
    • Costly to issue and manage at scale, and a bad actor can simply claim to have lost their key. 

Protect Microsoft Entra Accounts with Nametag

Nametag is ideal for situations where security is paramount, such as employee onboarding and step-up authentication when you detect suspicious behavior. Authenticating with Nametag is fast and easy for legitimate users, while bad actors are thwarted from completing account takeovers.

Verification with Nametag takes under 30 seconds for first-time users and under 7 seconds for returning users thanks to express re-verification. Unlike other MFA factors, Nametag requires no pre-enrollment, and works even if you lose or upgrade your phone thanks to seamless re-binding.

Behind the scenes, our Deepfake Defense identity verification engine combines Cryptographic Attestation™, Adaptive Document Verification™, and Spatial Selfie™ technologies to combat advanced impersonation threats like injection attacks and deepfakes. Powered by Deepfake Defense, Nametag creates a high level of assurance while remaining more flexible than security keys and other factors.

Learn more about Deepfake Defense identity verification →

How to Set Up Nametag as a Microsoft Entra External Authentication Method (EAM)

Current customers of Nametag and Microsoft Entra can start using Nametag as an Entra EAM today! Simply contact your account rep to get started. If you’re not already a Nametag customer, or if you’d like to learn more about using Nametag as an External Authentication Method, drop us a line!

Secure your helpdesk against social engineering and impersonators.
Learn more about Nametag
Right Arrow Blue
We use cookies to provide, improve, and promote our services. By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts. Visit our Privacy Policy to learn more.
Decline
Accept All Cookies