Can RSA’s Microsoft partnership protect enterprise AI agents from the identity threats no one saw coming?

RSA Security, the identity and access management firm that protects more than 60 million identities across more than 9,000 enterprise customers, announced an expanded collaboration with Microsoft at the RSAC Conference 2026 in San Francisco. The agreement integrates RSA ID Plus for Microsoft with the newly launched Microsoft 365 E7: The Frontier Suite, extending RSA’s authentication stack to cover both human users and AI agents operating within Microsoft’s ecosystem. The move arrives as enterprise AI adoption forces security teams to confront a category of identity risk they were not designed to manage: autonomous software agents with privileges, access, and the capacity to be compromised. For RSA, the partnership deepens an already significant relationship with Microsoft that now spans membership in the Microsoft Intelligent Security Association, the deployment of RSA Advisor for Admin Threats in Microsoft Security Copilot, and the RSA ID Plus Admin Logs Connector.

Why is RSA integrating with Microsoft 365 E7 and what does it mean for enterprise AI security in 2026?

Microsoft 365 E7: The Frontier Suite represents Microsoft’s premium enterprise productivity and security bundle, and its launch signals that AI agent capabilities are now being treated as table-stakes for large organisations rather than experimental add-ons. By embedding RSA ID Plus authentication natively within that suite, RSA positions itself at the entry point of every AI-driven workflow that a Microsoft 365 E7 customer initiates. The strategic logic is straightforward: organisations adopting Microsoft’s Frontier Suite will deploy AI agents at scale, and those agents require the same authentication rigour that has traditionally been applied only to human users.

The timing is deliberate. Microsoft separately announced at RSAC the availability of Microsoft Entra Agent ID, an identity framework that assigns unique identifiers to AI agents built on Microsoft Foundry and Copilot Studio. RSA’s integration slots directly into that architecture, providing the authentication layer for agents operating across hybrid, cloud, and on-premises environments. For customers running legacy on-premises infrastructure alongside cloud services, this matters more than it might appear: many enterprise AI deployments fail at the identity boundary precisely because authentication infrastructure was not built to handle non-human entities. RSA’s multi-environment coverage addresses that gap at a structural level.

How does the RSA and Microsoft Entra External MFA integration change authentication options for regulated industries?

A separate but related development announced at RSAC is the general availability of Microsoft Entra External MFA, a framework that allows organisations to connect third-party authentication providers directly to Entra ID and Conditional Access policies rather than relying solely on Microsoft’s native MFA capabilities. RSA’s participation in this framework gives enterprise customers running RSA ID Plus the ability to deploy the full RSA authentication catalogue, including hardware tokens, biometrics, FIDO2 passkeys, QR code-based authentication, and one-time passwords, within Entra-governed environments without needing to re-architect their identity stack.

For regulated industries such as financial services, defence, and healthcare, where prescriptive compliance frameworks dictate specific authentication methods, this flexibility carries real operational value. A government contractor running Entra ID as its directory service but required under contract to use FIDO2-compliant hardware tokens can now maintain that requirement without stepping outside the Microsoft security perimeter. The External MFA framework also removes a long-standing integration friction point: previously, deploying a non-Microsoft MFA solution in an Entra environment often required custom connectors, workarounds, or architecture compromises. The general availability of the framework simplifies that considerably.

What passwordless enhancements did RSA announce at RSAC Conference 2026 and how do they address offline and datacenter scenarios?

Beyond the Microsoft partnership, RSA used RSAC to announce a substantive expansion of its own passwordless capability set. The next generation of RSA’s desktop passwordless client for macOS and Windows introduces three availability modes: online, offline, and hybrid. The offline mode is particularly significant. Most passwordless deployments in the market today are contingent on network connectivity, which creates an authentication failure scenario whenever that connectivity is lost. For organisations operating in air-gapped environments, remote field locations, or during infrastructure outages, this is not a theoretical edge case. It is a predictable operational reality.

RSA also announced enhanced mobile passkeys incorporating proximity verification, a mechanism that requires physical proximity between the authenticating device and the endpoint being accessed. This targets a specific attack vector: adversarial scenarios in which a user’s mobile device is compromised remotely and used to approve authentication requests from a geographically distant attacker. Proximity verification introduces a physical constraint that remote attackers cannot easily bypass. Separately, RSA extended datacenter passwordless support to Linux and other server operating systems, closing a coverage gap that has historically forced organisations to maintain password-based authentication for server infrastructure even when their desktop environments had been fully migrated to passwordless.

The FIDO Alliance published a case study at RSAC documenting RSA’s own internal deployment of these technologies across its global workforce, describing the rollout as approaching near-universal passwordless coverage. The publication of RSA as its own reference customer is a calculated credibility move: identity vendors that can demonstrate enterprise-scale internal deployments of their own products carry more weight with procurement teams than those citing only external case studies.

How does the RSA and Microsoft MISA partnership affect RSA’s competitive position against Okta, CyberArk, and Ping Identity?

The identity and access management market in 2026 is a genuinely contested space. Research from ETR’s 2026 Observatory for Identity Security, drawing on responses from more than 300 IT decision makers across large enterprises, identified Microsoft Entra ID and Okta as the two vendors with the strongest forward spend momentum among enterprise buyers. RSA sits in a different part of the market, one defined less by developer-friendly integrations and SaaS-native architecture and more by the requirements of high-security, compliance-heavy organisations that cannot afford operational failure.

RSA’s Microsoft partnership is a direct response to a structural threat: Entra ID’s growing native authentication capabilities reduce the perceived need for a third-party identity platform among organisations running Microsoft infrastructure. By integrating deeply into the Entra ecosystem rather than competing against it, RSA repositions itself from a potential displacement target to an essential enhancement layer. This is a sensible strategic pivot. Okta has pursued a similar complementary approach with Microsoft, building extensive Entra integrations rather than waging a zero-sum competition for the same enterprise accounts.

Where RSA maintains a durable competitive advantage is in the scenarios that commercial identity platforms tend to deprioritise: offline authentication, air-gapped environments, datacenter server authentication, and the complex compliance requirements of government and defence customers. CyberArk, following its acquisition of Zilla Security, and Ping Identity have both been expanding their enterprise identity governance footprints, but neither has staked out the same operational resilience positioning that RSA is now doubling down on at RSAC. The offline-capable passwordless offering, in particular, is a product category where RSA currently faces limited direct competition.

What is the strategic risk for RSA in deepening its dependence on the Microsoft ecosystem at this scale?

The partnership carries execution risks that deserve acknowledgement. RSA’s deep integration with Microsoft creates a degree of strategic dependence that cuts both ways. On the positive side, it expands RSA’s reach to the enormous installed base of Microsoft 365 enterprise customers. On the risk side, Microsoft has a long history of incorporating partner functionality into its own platform over time. Microsoft Authenticator, Windows Hello, and the native FIDO2 capabilities within Entra ID all represent Microsoft absorbing authentication surface area that third-party vendors once owned.

RSA’s response to this risk is visible in the product announcements at RSAC: the offline passwordless capability, the proximity-verified mobile passkeys, the datacenter and Linux server coverage, and the Sovereign Deployment offering announced separately at the conference. Each of these addresses a scenario where Microsoft’s native capabilities either do not reach or have not been the engineering priority. RSA is not trying to out-compete Microsoft in cloud-native authentication for standard enterprise users. It is building a defensible perimeter around the scenarios that Microsoft leaves underserved. Whether that perimeter remains defensible as Microsoft’s engineering investment continues to compound is the central long-term question for RSA’s product strategy.

How are AI agents changing enterprise identity security requirements and what does this mean for authentication vendors in 2026?

The emergence of AI agents as first-class enterprise actors is the most consequential structural shift in identity security since the transition to cloud infrastructure. Traditional identity frameworks were built on two assumptions: identities belong to humans, and access events are initiated by those humans in real time. AI agents break both assumptions. An agent can initiate thousands of access events per hour, operate autonomously without a human in the loop, hold persistent credentials, and be compromised in ways that produce no immediately visible signal to a security operations team monitoring for human behavioural anomalies.

The breadth of announcements at RSAC 2026 addressing non-human identity, from Entro Security’s agentic governance module to 1Password’s unified access platform for AI agents to Microsoft Entra Agent ID itself, confirms that the industry has recognised this as an urgent gap. RSA’s framing of the Microsoft partnership explicitly around securing both human users and AI agents is not marketing language. It reflects a genuine product positioning choice about which identity security problems the company intends to own as the AI agent deployment curve accelerates through 2026 and beyond.

Key takeaways: What the RSA and Microsoft partnership means for enterprise identity security strategy in 2026

• RSA has integrated RSA ID Plus with Microsoft 365 E7: The Frontier Suite, positioning RSA authentication as the identity layer for enterprise AI agent deployments running on Microsoft infrastructure.
• The partnership builds on RSA’s membership in the Microsoft Intelligent Security Association and existing integrations with Microsoft Security Copilot and Entra ID, signalling a deepening strategic alignment rather than a one-off product announcement.
• Microsoft Entra External MFA, now generally available, allows organisations to deploy third-party authentication providers including RSA directly within Entra-governed environments, removing a longstanding integration barrier for regulated industries.
• RSA’s new offline passwordless capability for desktop environments addresses a critical gap in competitor solutions: authentication resilience during network outages, in air-gapped settings, and across remote operational environments.
• Proximity verification for mobile passkeys introduces a physical constraint against remote authentication attacks, targeting an attack vector that phishing-resistant MFA alone does not fully close.
• Datacenter and Linux server passwordless support extends RSA’s coverage to infrastructure environments that have historically been excluded from passwordless migration programmes.
• RSA’s competitive strategy at RSAC is defined by intentional focus on scenarios Microsoft under-serves: offline use, air-gapped environments, compliance-mandated hardware tokens, and high-assurance government and defence deployments.
• The identity security market in 2026 remains highly competitive, with Microsoft Entra ID and Okta leading on enterprise spend momentum while RSA occupies a defensible niche in high-security and highly regulated segments.
• RSA’s deep partnership with Microsoft is a calculated risk management decision: embedding within the Entra ecosystem reduces displacement risk from Microsoft’s expanding native authentication capabilities while extending RSA’s reach into the Microsoft 365 installed base.
• The RSAC 2026 conference confirmed AI agent identity as the defining emerging challenge for enterprise security vendors, with RSA, Microsoft, Okta, 1Password, and multiple startups all announcing agent-focused identity capabilities within days of each other.