What is Microsoft Authentication Broker & where to use it?

Microsoft Authentication Broker is used to enable Single Sign-on.

Key notes

  • Azure AD changed its name to Entra ID, but the services are still the same.
  • Some of them, like Microsoft Authentication Broker, seem to confuse people.
  • However, Microsoft Authentication Broker is a service that enables Single Sign-ons.

With Microsoft battling the FTC for the right to buy Activision-Blizzard, July has been a month of changes for the Redmond-based tech giant. Microsoft Inspire 2023, which happened last week, also brought forward a lot of new products, partnerships, and updates from Microsoft.

We’re seeing AI in almost everything Microsoft-related, from Microsoft Store to Microsoft Teams and Windows 11. It’s safe to say AI is slowly changing everything.

Elsewhere, Azure Active Directory (Azure AD) changed its name to Entra, or specifically Microsoft Entra ID. While there isn’t any change coming to the platform itself, some of the feature names might confuse people.

There is one feature, specifically, which causes a lot of confusion. We’re talking about the Microsoft Authentication Broker feature which is present on the platform. One user, for example, found out that Microsoft Authentication Broker bypasses Multi-Factor Authentication. So what is Microsoft Authentication Broker?

What is Microsoft Authentication Broker?

Basically, Microsoft Authentication Broker is a token broker service that is used to enable Single Sign-On (SSO). With Single Sign-On, you can log in to several related but independent software applications with a single ID.

Single Sign-on is the opposite of Multi-factor Authentication, the sort of authentication that requires you to take several steps to log in to an app.

And these Single Sign-ons are sometimes enabled by Microsoft Authentication Broker. You can find it on different devices such as:

  • Windows 10/11 devices: they have it built into the OS
  • Android devices use Microsoft Authenticator or Microsoft Company Portal
  • iOS/iPadOS uses Microsoft Authenticator
  • macOS uses Company Portal with the MacSSO extension deployed

Microsoft Authentication Broker is used in Microsoft platforms, including Entra. It acts like an authority that certifies and validates the authentication of clients, including users and services.

What do you think about it? Is Multi-factor authentication preferable to it or not? Let us know in the comments section below.
