Microsoft Entra ID New Feature Removes MFA Limitations for Users

Microsoft has said that external multifactor authentication for Microsoft Entra ID is now available to everyone. This release gets rid of the platform's previous limitations, allowing businesses to add trusted third-party MFA providers directly to their central identity control plane. The new external MFA feature is based entirely on the OpenID Connect (OIDC) standard.

Every user who signs in through an external MFA provider still has to go through a full security check. The system still does risk assessments in real time and enforces session controls that have been set up. Administrators can adjust how often users need to sign in to find the right balance between user productivity and strict security standards. The feature is aimed at businesses that have identity systems that are broken up or have strict requirements from outside sources.

It completely takes the place of the older Custom Controls feature in Microsoft Enta ID.

Microsoft has set September 30, 2026, as the date when Custom Controls will no longer be supported. For the next six months, existing custom configurations will keep working. This will give administrators enough time to finish moving to the new OIDC-based architecture.

Go to Microsoft.com/EntraID and follow them on Twitter @MicrosoftEntraId and LinkedIn to learn more.