Products
Solutions- MFA for Exchange Emails
- MFA for Office 365 Emails
- MFA for AD-Joined Computer Login
- MFA for Entra-Joined Computer Login
- MFA for Entra ID (External MFA)
- MFA for VPN
- MFA for Remote Desktop
- MFA for IIS Websites
- MFA for Cloud Services
- MFA for Office 365
- MFA for NetMotion Mobility
- MFA for Parallels RAS
- Electronic Visit Verification
Authenticators
SaaS
Services
Compliance
Resources
Tools
MFA for Entra ID (External MFA)
Microsoft External MFA (EAM) with DualShield MFA
With the general availability of External MFA (also known as External Authentication Method, or EAM) in Microsoft Entra ID, organisations can now integrate third-party authentication solutions directly into their identity workflows.
This enables businesses to move beyond built-in MFA options and adopt specialised authentication platforms that better meet their security, compliance, and operational needs.
DualShield MFA by Deepnet Security is a fully supported External MFA solution for Entra ID, already deployed by organisations worldwide.
What is External MFA (EAM)?
External MFA allows organisations to delegate authentication to an external provider while still using Entra ID as the primary identity platform.
With EAM, you can:
- Use third-party MFA methods in Entra authentication flows
- Enforce advanced authentication policies beyond native capabilities
- Centralise authentication across cloud and on-premise systems
- Maintain flexibility without compromising security
Why Use DualShield as External MFA?
While Entra ID provides built-in MFA, many organisations require greater flexibility, stronger authentication methods, or unified control across multiple systems.
DualShield enhances Entra with enterprise-grade MFA capabilities.
1. Broader Authentication Methods
DualShield supports a wide range of authentication options, including:
- SMS and email OTP
- Mobile & SMS push authentication
- One-time passwords (OTP)
- FIDO-based authentication
- Device-based authentication
- Smartcard certificate-based authentication
- Biometric authentication
This allows organisations to choose the most appropriate method for each user group.
2. Unified MFA Across All Systems
Unlike native Entra MFA, DualShield can be used across:
- Cloud applications (via Entra ID, SML and OIDC)
- On-premise systems (PCs, VPN, RDP, IIS, etc.)
- Legacy applications
This provides a single MFA platform for the entire organisation.
3. Advanced Policy Control
DualShield enables granular authentication policies, such as:
- Context-aware authentication
- Step-up authentication
- Risk-based rules
- Per-application MFA policies
This level of control goes beyond standard Entra MFA capabilities.
4. Token Lifecycle Management
DualShield includes a full token management system:
- Automatic enrolment
- Token provisioning (hardware & software)
- Lifecycle management and revocation
This is particularly important for organisations deploying large numbers of users or hardware tokens.
5. Regulatory Compliance & Data Control
For organisations with strict compliance requirements:
- Authentication data can remain under organisational control
- Supports on-premise or private cloud deployment
- Helps meet regulatory and data sovereignty requirements
Proven Integration with Microsoft Entra ID
DualShield integrates seamlessly with Entra ID using the External Authentication Method (EAM) framework.
Key integration features:
- Standards-based authentication flow
- Secure API-based communication
- Support for Conditional Access policies
- Transparent user experience
Many organisations have already deployed DualShield as their external MFA provider for Entra ID in production environments.
How It Works
- User attempts to access an Entra-protected application
- Entra ID redirects authentication to DualShield (EAM)
- DualShield performs MFA using configured methods
- Authentication result is returned to Entra ID
- Access is granted based on policy
Key Benefits
- Extend Entra MFA capabilities without replacing your identity platform
- Achieve consistent MFA across cloud and on-premise systems
- Support a wide range of authentication methods
- Improve security posture with advanced policies
- Maintain control over authentication infrastructure
Get Started
DualShield MFA is ready to be deployed as an External MFA provider for Microsoft Entra ID.
To learn more:
Conclusion
The introduction of External MFA in Microsoft Entra ID marks a significant shift toward more flexible and extensible identity security.
By integrating DualShield MFA, organisations can unlock advanced authentication capabilities while continuing to leverage Microsoft’s identity ecosystem.
