Microsoft Security Blog: US Department of Labor’s journey to Zero Trust security with Microsoft Entra ID

Source URL: https://www.microsoft.com/en-us/security/blog/2025/03/27/us-department-of-labors-journey-to-zero-trust-security-with-microsoft-entra-id/
Source: Microsoft Security Blog
Title: US Department of Labor’s journey to Zero Trust security with Microsoft Entra ID

Feedly Summary: Discover how the U.S. Department of Labor enhanced security and modernized authentication with Microsoft Entra ID and phishing-resistant authentication.

AI Summary and Description: Yes

**Summary:**
The text discusses how the U.S. Department of Labor (DOL) has transitioned to a Zero Trust security model using Microsoft Entra ID. By consolidating its identity systems, adopting phishing-resistant authentication, and applying risk-based Conditional Access policies, DOL aims to strengthen security while streamlining user access. This reflects broader trends in identity management that are increasingly important for government agencies and other organizations adopting advanced cybersecurity measures.

**Detailed Description:**
The U.S. Department of Labor (DOL) is taking significant steps to modernize its identity management and security practices through the adoption of Microsoft Entra ID, focusing on a Zero Trust security model. The major points outlined in the text include:

– **Centering on Zero Trust Security**:
  – DOL is transitioning to a Zero Trust security framework to meet federal cybersecurity standards.
  – This model emphasizes verifying all access requests as though they originate from an open network.

– **Implementing Microsoft Entra ID**:
  – The DOL consolidated its diverse identity systems (including on-premises Active Directory and Ping Federate) into Microsoft Entra ID to simplify and secure application access.
  – Features such as single sign-on (SSO) and support for industry-standard protocols (SAML and OIDC) facilitate streamlined access for users.

– **Strengthening Authentication**:
  – By integrating phishing-resistant multifactor authentication (MFA) using device-bound passkeys in the Microsoft Authenticator app, DOL enhances the security of privileged accounts, reducing risks associated with phishing attacks.
  – The transition to using passkeys promises faster and less costly authentication processes compared to traditional methods.

– **Risk-Based Conditional Access Policies**:
  – DOL evolved from static access controls to dynamic risk-based policies that account for user, device, and sign-in risks.
  – Access decisions are tailored based on varying risk assessments for ‘privileged users’ versus ‘regular users’, ensuring that high-risk scenarios are properly managed.

– **Utilizing Reporting Tools for Security Insights**:
  – The “report-only” mode of Conditional Access policies enables DOL to analyze user behavior without immediate enforcement, identifying potential security risks and enabling better decision-making for policy adjustments.
  – The visibility gained allows DOL to refine its security policies, clearing out inconsistencies and outdated practices.
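The two preceding points (risk-based Conditional Access for privileged users, and report-only mode as a way to see what a policy would do before enforcing it) can be made concrete with a small script. The following is an added example, not code from the DOL post or from Microsoft; it builds a policy body in the shape the Microsoft Graph `conditionalAccessPolicy` resource expects, with `state` set to `enabledForReportingButNotEnforced` (Graph's name for report-only), and then summarizes constructed sign-in log records the way an analyst would read the `appliedConditionalAccessPolicies` results from `GET /auditLogs/signIns`. The Global Administrator role template ID and the built-in "Phishing-resistant MFA" authentication strength ID are assumed from Microsoft's documentation and should be verified in your own tenant; the sample sign-ins and user names are constructed.

```python
"""Added example: a report-only, risk-based Conditional Access policy for
privileged users, plus a summary of what it would have done on sample sign-ins.
Not the DOL's or Microsoft's own code; Graph resource shapes as documented."""
from collections import Counter
import json

# Assumed values (documented by Microsoft at time of writing; verify in your tenant):
# Global Administrator directory role template ID and the built-in
# "Phishing-resistant MFA" authentication strength ID.
GLOBAL_ADMIN_ROLE_ID = "62e90394-69f5-4237-9190-012177145e10"
PHISHING_RESISTANT_MFA_STRENGTH_ID = "00000000-0000-0000-0000-000000000004"

POLICY_NAME = "CA-Privileged-SignInRisk-PhishingResistantMFA"  # constructed name


def build_privileged_policy(sign_in_risk_levels=("medium", "high")):
    """Return the body for POST /identity/conditionalAccess/policies.

    state=enabledForReportingButNotEnforced is report-only mode: the policy is
    evaluated and logged on every sign-in but never enforced, so the sign-in
    logs show what it *would* have done.
    """
    return {
        "displayName": POLICY_NAME,
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            # Only medium/high sign-in risk triggers the policy; low/none passes through.
            "signInRiskLevels": list(sign_in_risk_levels),
            "userRiskLevels": [],
            "clientAppTypes": ["all"],
            "applications": {"includeApplications": ["All"]},
            # Scope to a privileged directory role rather than named users.
            "users": {"includeRoles": [GLOBAL_ADMIN_ROLE_ID]},
        },
        "grantControls": {
            "operator": "OR",
            # Require a phishing-resistant authentication strength (e.g. device-bound passkey).
            "authenticationStrength": {"id": PHISHING_RESISTANT_MFA_STRENGTH_ID},
        },
    }


# Constructed sign-in records trimmed to the fields used here. The "result" values
# are the documented report-only outcomes for appliedConditionalAccessPolicies.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "admin1@example.gov", "riskLevelDuringSignIn": "high",
     "appliedConditionalAccessPolicies": [
         {"displayName": POLICY_NAME, "result": "reportOnlyFailure"}]},
    {"userPrincipalName": "admin2@example.gov", "riskLevelDuringSignIn": "medium",
     "appliedConditionalAccessPolicies": [
         {"displayName": POLICY_NAME, "result": "reportOnlySuccess"}]},
    {"userPrincipalName": "user1@example.gov", "riskLevelDuringSignIn": "none",
     "appliedConditionalAccessPolicies": [
         {"displayName": POLICY_NAME, "result": "reportOnlyNotApplied"}]},
    {"userPrincipalName": "admin1@example.gov", "riskLevelDuringSignIn": "high",
     "appliedConditionalAccessPolicies": [
         {"displayName": POLICY_NAME, "result": "reportOnlyFailure"}]},
]


def summarize_report_only(signins, policy_name=POLICY_NAME):
    """Count report-only outcomes for one policy and list the users who would
    have been blocked had it been enforced (result == reportOnlyFailure).

    reportOnlyInterrupted means the user would have been prompted for something
    (for example to register a credential) rather than blocked outright; it is
    worth reviewing separately before switching the policy to enforced.
    """
    counts = Counter()
    would_block = set()
    for entry in signins:
        for applied in entry.get("appliedConditionalAccessPolicies", []):
            if applied.get("displayName") != policy_name:
                continue
            result = applied.get("result", "unknown")
            counts[result] += 1
            if result == "reportOnlyFailure":
                would_block.add(entry["userPrincipalName"])
    return counts, sorted(would_block)


if __name__ == "__main__":
    print(json.dumps(build_privileged_policy(), indent=2))
    counts, blocked = summarize_report_only(SAMPLE_SIGNINS)
    print(dict(counts))
    print("would have been blocked if enforced:", blocked)
```

Run as-is to print the policy body and the summary of the constructed sign-ins. In practice the policy body is posted to Graph with an appropriately scoped app registration, and the sign-ins are pulled from the sign-in logs over a review window; the point of the summary is that a policy moves from report-only to enforced only once the `reportOnlyFailure` population is understood and expected.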

– **Future Directions**:
  – DOL aims to implement attestation measures to confirm that all users are using the authentic Microsoft Authenticator app.
  – Future projects may include joining devices to Entra ID for enhanced cloud-based management and deployment of security updates and policies.

Overall, DOL’s strategic shift to Microsoft Entra ID and a risk-based Zero Trust approach showcases vital trends in contemporary cybersecurity practices, particularly for government agencies focused on improving identity security. Organizations in similar sectors may find useful insights in DOL’s experience as they consider modernizing their own security frameworks.