RSA expands Microsoft tie-up with passwordless access

RSA has expanded support between RSA ID Plus and Microsoft 365 E7, extending the companies' identity security partnership.

The update focuses on authentication for workforce users and software-based agents inside corporate systems. It is intended to give organisations a single approach to verifying human and machine identities across hybrid, cloud and on-premises environments.

The announcement comes as cybersecurity suppliers adapt identity controls to the wider use of AI agents in business software. That shift has raised concerns that automated tools could gain broad access to internal applications and data without the checks applied to employees and administrators.

Under the expanded arrangement, RSA ID Plus for Microsoft will work with Microsoft 365 E7, which Microsoft has positioned for customers managing AI-related security risks. Customers can also use RSA's authentication tools in Microsoft Entra deployments through Microsoft Entra External MFA integration.

This allows organisations to apply RSA authentication methods and related security features within Entra configurations. The changes build on a broader relationship that includes RSA joining the Microsoft Intelligent Security Association, launching RSA Advisor for Admin Threats in Microsoft Security Copilot and deploying an RSA ID Plus Admin Logs Connector.

Passwordless Push

Alongside the Microsoft announcement, RSA introduced a new set of passwordless features that can be used on their own or with Microsoft Entra ID. They cover desktop sign-ins, mobile passkeys and datacentre environments, extending passwordless access beyond standard office applications to a wider range of systems.

The desktop update covers macOS and Windows, with online, offline and hybrid high-availability options. RSA also added mobile passkeys with proximity verification, as well as passwordless support for Linux and operating system servers in datacentre settings.

RSA is trying to address a longstanding barrier to passwordless adoption: many organisations have been able to use it for some workers or devices, but not across every environment they run. By adding support for desktops, servers and settings where connectivity may be interrupted, the company is targeting sectors with more complex infrastructure and stricter operational requirements.

Jim Taylor, President and Chief Product & Strategy Officer at RSA, said the focus was on reliability under difficult conditions. "At RSA, passwordless isn't just a feature-it's a discipline that has to hold when everything else breaks," Taylor said.

Greg Nelson, CEO of RSA, linked the update to the spread of machine identities in day-to-day operations.

"The rise of AI agents in the enterprise means organizations need to rethink how they secure every identity-human and machine alike," Nelson said. "Expanded RSA passwordless capabilities and advanced MFA resilience features, now available in Microsoft E7, allow organizations to eliminate passwords, stop advanced identity threats, and streamline secure access at scale."

Microsoft Ties

Microsoft's security partner programme also featured in the announcement. Maria Thomson, Director of the Microsoft Intelligent Security Association, described the collaboration as joint work between vendors and customers.

"The Microsoft Intelligent Security Association represents a dynamic and trusted community of leading security innovators worldwide," Thomson said. "Our partners, including RSA Security, are united by a shared commitment to advancing cybersecurity collaboration, empowering customers to anticipate, identify, and address emerging threats with greater speed, efficacy, and confidence."

RSA's marketing leadership also framed the partnership around customers with demanding compliance and operational needs.

"The partnership between RSA and Microsoft is pivotal for customers facing increasingly complex security demands," said Laura Marx, Chief Marketing and Growth Officer at RSA. "By working together through the Microsoft Intelligent Security Association and advancing integrated solutions for Microsoft Entra ID, we empower high-security, highly complex, and highly regulated organizations with the most resilient and innovative security measures available."

The latest changes also reflect a broader trend in identity security, as vendors try to move beyond employee login protection toward tighter control of service accounts, privileged users and machine-driven activity. As AI features become embedded in workplace software, identity products are increasingly being sold as a way to decide not just who can access systems, but what automated processes can do once inside them.

RSA also pointed to its own internal deployment of passwordless tools. In a case study cited by the company, the FIDO Alliance detailed how RSA used its own products to implement near-universal passwordless access across its global workforce.

Taylor said RSA's message is that passwordless systems must work beyond ideal conditions.

"While the industry talks about passwordless for the demo, RSA delivers passwordless for the outage, the edge case, and the scenarios that no one else wants to think about. With our newly announced enhancements-ranging from desktop passwordless V2 for both macOS and Windows, to high-availability options that work online, offline, and in hybrid environments, to advanced mobile passkeys and datacenter support-RSA passwordless ensures that organizations never compromise," he said.