Control 1.23: Step-Up Authentication for AI Agent Operations
- Control ID: 1.23
- Pillar: Security
- Regulatory Reference: GLBA 501(b), FINRA 4511, SOX 302/404, NIST SP 800-63B
- Last UI Verified: January 2026
- Governance Levels: Baseline / Recommended / Regulated
- Last Verified: 2026-02-03
Objective
Implement step-up authentication requirements when AI agents attempt sensitive operations such as financial transactions, data exports, or access to restricted information, requiring re-authentication at the moment of high-risk action.
Why This Matters for FSI
- GLBA 501(b): Verifies user identity before sensitive data access
- FINRA 4511: Supports authorized access to financial records at transaction time
- SOX 302/404: Provides transaction-level authentication controls for internal control
- NIST 800-63B: Implements AAL2/AAL3 authentication strength for sensitive operations
Control Description
This control establishes step-up authentication through:
- High-Risk Action Classification - Define actions requiring step-up (financial transactions, data export, external API calls, config changes)
- Authentication Contexts - Create Entra ID contexts (c1-c5) mapped to sensitive agent actions
- Conditional Access Policies - Configure CA policies requiring fresh authentication for each context
- Phishing-Resistant MFA - Mandate FIDO2/Windows Hello for critical operations
- Session Controls - Configure sign-in frequency (15 minutes for critical actions)
- Step-Up Monitoring - Alert on step-up failures and bypass attempts
Key Configuration Points
- Create Authentication Contexts:
  - c1 (Financial Transaction)
  - c2 (Data Export)
  - c3 (External API)
  - c4 (Config Change)
  - c5 (Sensitive Query)
- Configure CA policies requiring phishing-resistant MFA for each context
- Set freshness targets by tier: 15 minutes for critical (c1), 30 minutes for high (c2-c4), 1 hour for medium (c5). Entra ID periodic sign-in frequency is configured in whole hours or days, so the sub-hour tiers are implemented with the "Every time" sign-in frequency option on the context's CA policy, which re-prompts on each access to the context (Entra applies a short tolerance window of about five minutes); the 1-hour tier maps directly to a periodic value of 1 hour
- Require compliant device for step-up scenarios
- Implement service principal compensating controls: MFA and authentication contexts only apply to interactive user sessions, so an agent running under a service principal or managed identity cannot be stepped up; gate its sensitive operations behind an approval workflow instead
- Configure real-time alerting on step-up authentication failures
- Start CA policies in report-only mode before enforcement
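The configuration points above, carried out with the Microsoft Graph PowerShell SDK, as an added example that is not part of this control page or of the session-security-configurator and conditional-access-automation solutions it references. The break-glass group id is a placeholder, the `CA-StepUp-` policy naming is this example's own convention, and the 15- and 30-minute tiers are mapped onto Entra's "Every time" sign-in frequency because periodic sign-in frequency accepts only whole hours or days.

```powershell
# Added example, not from the control page or its solution packages.
# Deploys authentication contexts c1-c5 and one report-only Conditional Access
# policy per context, following the tiers in "Key Configuration Points".
# Assumptions (hypothetical, replace for your tenant): the break-glass group id
# below, and the CA-StepUp-* policy naming scheme.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.SignIns

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All' -NoWelcome

$BreakGlassGroupId = '00000000-0000-0000-0000-000000000000'   # hypothetical: emergency-access accounts group

# Built-in authentication strength "Phishing-resistant MFA" (FIDO2, Windows Hello for Business, CBA).
$PhishingResistantStrengthId = '00000000-0000-0000-0000-000000000004'

# Contexts and the freshness tier each maps to. Periodic sign-in frequency is
# set in whole hours or days, so the 15/30-minute tiers use frequencyInterval =
# everyTime (re-prompt on every access to the context); c5 gets a 1-hour period.
$Contexts = @(
    @{ Id = 'c1'; Name = 'Financial Transaction'; Tier = 'critical'; Freshness = 'everyTime' }
    @{ Id = 'c2'; Name = 'Data Export';           Tier = 'high';     Freshness = 'everyTime' }
    @{ Id = 'c3'; Name = 'External API';          Tier = 'high';     Freshness = 'everyTime' }
    @{ Id = 'c4'; Name = 'Config Change';         Tier = 'high';     Freshness = 'everyTime' }
    @{ Id = 'c5'; Name = 'Sensitive Query';       Tier = 'medium';   Freshness = 'hours:1' }
)

foreach ($ctx in $Contexts) {
    # 1. Create (or update) the authentication context class reference. The Graph
    #    create operation for this resource is a PATCH on the fixed id (c1-c25).
    $ctxBody = @{
        displayName = "$($ctx.Id) - $($ctx.Name)"
        description = "Step-up context for AI agent $($ctx.Name.ToLower()) actions ($($ctx.Tier))"
        isAvailable = $true
    }
    Invoke-MgGraphRequest -Method PATCH `
        -Uri "https://graph.microsoft.com/v1.0/identity/conditionalAccess/authenticationContextClassReferences/$($ctx.Id)" `
        -Body ($ctxBody | ConvertTo-Json) -ContentType 'application/json'

    # 2. Sign-in frequency session control for the tier.
    $sif = if ($ctx.Freshness -eq 'everyTime') {
        @{ isEnabled = $true; frequencyInterval = 'everyTime'; authenticationType = 'primaryAndSecondaryAuthentication' }
    } else {
        $hours = [int]($ctx.Freshness -split ':')[1]
        @{ isEnabled = $true; frequencyInterval = 'timeBased'; type = 'hours'; value = $hours
           authenticationType = 'primaryAndSecondaryAuthentication' }
    }

    # 3. Report-only CA policy: phishing-resistant MFA AND compliant device, scoped
    #    to the authentication context rather than to an application, break-glass excluded.
    $policy = @{
        displayName   = "CA-StepUp-$($ctx.Id)-$($ctx.Name -replace ' ', '')-ReportOnly"
        state         = 'enabledForReportingButNotEnforced'   # bake in report-only before enforcing
        conditions    = @{
            users        = @{ includeUsers = @('All'); excludeGroups = @($BreakGlassGroupId) }
            applications = @{ includeAuthenticationContextClassReferences = @($ctx.Id) }
        }
        grantControls = @{
            operator               = 'AND'
            builtInControls        = @('compliantDevice')
            authenticationStrength = @{ id = $PhishingResistantStrengthId }
        }
        sessionControls = @{ signInFrequency = $sif }
    }
    New-MgIdentityConditionalAccessPolicy -BodyParameter $policy | Select-Object DisplayName, State
}
```

After the report-only bake period, flip `state` to `enabled` per policy; the context ids stay fixed, so the agent platform can keep requesting `c1`..`c5` unchanged while the grant controls are tightened.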
PIM Integration for Sensitive Agent Operations
Combine step-up authentication with PIM for administrative operations on AI agents:
| Operation | PIM Requirement | Step-Up Context | Combined Control |
|---|---|---|---|
| Agent Publishing (Zone 3) | Activate Power Platform Admin | c4 (Config Change) | PIM + 30-min fresh auth |
| Connector Allowlist Changes | Activate Power Platform Admin | c4 (Config Change) | PIM + 30-min fresh auth |
| Agent Deletion | Activate Environment Admin | c4 (Config Change) | PIM + approval workflow |
| DSPM Policy Changes | Activate Purview Admin | c4 (Config Change) | PIM + 15-min fresh auth |
| Agent Sponsor Assignment | Activate AI Governance Lead | c5 (Sensitive Query) | PIM + justification required |
PIM + Step-Up Workflow:
- User requests PIM activation for administrative role
- PIM approval workflow triggers (requires approver consent)
- Upon activation, step-up authentication context applied
- User completes phishing-resistant MFA
- Administrative operation permitted within activation window
- All actions logged with PIM activation context for audit
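The PIM + step-up workflow above for the "Connector Allowlist Changes" row, as an added example that is not part of this control page or its solution packages. It binds the c4 authentication context to activation of the Power Platform Administrator role, then submits a self-activation; the justification and ticket values are hypothetical, and the example assumes the role is governed by the default directory-scope PIM policy.

```powershell
# Added example, not from the control page or its solution packages.
# Step 1: require authentication context c4 on PIM activation of Power Platform
# Administrator, so the step-up CA policy for c4 (phishing-resistant MFA) gates
# the activation. Step 2: self-activate with justification and ticket reference.
# Assumptions: default directory-scope PIM policy; hypothetical justification/ticket.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.Governance, Microsoft.Graph.Identity.DirectoryManagement

Connect-MgGraph -Scopes 'RoleManagementPolicy.ReadWrite.Directory',
                        'RoleAssignmentSchedule.ReadWrite.Directory',
                        'RoleManagement.Read.Directory', 'User.Read' -NoWelcome

# Resolve the Entra role by name rather than hard-coding its template id.
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Power Platform Administrator'"

# Locate the PIM role-settings policy that governs this role at directory scope.
$assignment = Get-MgPolicyRoleManagementPolicyAssignment `
    -Filter "scopeId eq '/' and scopeType eq 'DirectoryRole' and roleDefinitionId eq '$($role.Id)'"

# Rule id AuthenticationContext_EndUser_Assignment is the portal setting
# "On activation, require Conditional Access authentication context". Entra does
# not allow this together with the activation-time MFA enablement rule, so if
# Enablement_EndUser_Assignment still lists MultiFactorAuthentication, remove it first.
$rule = @{
    '@odata.type' = '#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule'
    id            = 'AuthenticationContext_EndUser_Assignment'
    isEnabled     = $true
    claimValue    = 'c4'   # Config Change context from the PIM integration table
    target        = @{
        caller              = 'EndUser'
        operations          = @('All')
        level               = 'Assignment'
        inheritableSettings = @()
        enforcedSettings    = @()
    }
}
Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $assignment.PolicyId `
    -UnifiedRoleManagementPolicyRuleId $rule.id -BodyParameter $rule

# Step 2: self-activate the eligible assignment for a 2-hour window. With the rule
# above, the request is only accepted from a session that satisfied the c4 policy;
# if the role requires approval, the request then waits for an approver.
$me = Invoke-MgGraphRequest -Method GET -Uri 'https://graph.microsoft.com/v1.0/me'
$request = New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter @{
    action           = 'selfActivate'
    principalId      = $me.id
    roleDefinitionId = $role.Id
    directoryScopeId = '/'
    justification    = 'CHG0001234: update connector allowlist for Zone 3 agent'   # hypothetical
    scheduleInfo     = @{
        startDateTime = (Get-Date).ToUniversalTime().ToString('o')
        expiration    = @{ type = 'afterDuration'; duration = 'PT2H' }
    }
    ticketInfo       = @{ ticketNumber = 'CHG0001234'; ticketSystem = 'ServiceNow' }   # hypothetical
}

# Status is PendingApproval while an approver must consent and Provisioned once
# the role is active; the request id is the audit anchor for the activation window.
Get-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -UnifiedRoleAssignmentScheduleRequestId $request.Id |
    Select-Object Id, Status, Action, Justification, CreatedDateTime
```

The activation request carries the justification and ticket into the PIM audit trail, which is what the "All actions logged with PIM activation context" step relies on; correlate it with the c4 sign-in event by user and timestamp.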
Zone-Specific Requirements
| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | Standard MFA; 8-hour session; step-up not required | Low risk, minimal friction |
| Zone 2 (Team) | Step-up for data exports and external API; 4-hour session; 30-minute fresh auth | Team data requires additional verification |
| Zone 3 (Enterprise) | Mandatory step-up for all sensitive actions; 1-hour session; 15-minute fresh auth; phishing-resistant MFA; real-time monitoring | Customer-facing agents require the strictest controls |
Roles & Responsibilities
| Role | Responsibility |
|---|---|
| Entra Security Admin | Configure authentication contexts and CA policies |
| Entra Authentication Policy Admin | Manage authentication strengths and MFA methods policy (least-privileged role for this task; Global Admin is not required) |
| Power Platform Admin | Implement connector-level step-up requirements |
| Compliance Officer | Classify actions and validate regulatory alignment |
Related Controls
| Control | Relationship |
|---|---|
| 1.11 - Conditional Access | Baseline CA policies; step-up builds on top (Conditional Access Automation) |
| 1.18 - RBAC | Entra Agent ID (Public Preview) enables Conditional Access for agent identities with agent-specific risk signals; role-based access complements step-up |
| 1.4 - Advanced Connector Policies | Connector governance enables action-level step-up |
| 1.7 - Audit Logging | Step-up events must be logged |
| 2.22 - Inactivity Timeout Enforcement | Complementary session controls — 1.23 governs authentication session lifecycle (CA policies via Graph API); 2.22 governs application-level inactivity timeout duration (BAP Admin API) |
Automated Validation: Session Security Configurator
For automated deployment, validation, and drift detection of session security controls per governance zone, see the Session Security Configurator solution.
Capabilities:
- Authentication context deployment (c1-c5) with conflict detection
- Zone-specific CA policy deployment with 72-hour bake period enforcement
- 5-dimension session security validation (session controls, auth strength, PIM, break-glass, conflict audit)
- Daily drift detection with Teams adaptive card alerts
- Compliance evidence export with SHA-256 integrity hashing
Deployable Solution: session-security-configurator provides PowerShell validation scripts, Dataverse infrastructure, and Power Automate flows.
Automated Compliance: Conditional Access Automation
For automated deployment and compliance scanning of Conditional Access policies supporting step-up authentication for AI agent operations, see the Conditional Access Automation solution.
Capabilities:
- Automated deployment of authentication context CA policies for agent step-up auth (c1–c5)
- Zone-specific policy templates enforcing phishing-resistant MFA for sensitive agent operations
- Daily compliance scanning of CA policy configuration drift for step-up scenarios
- Teams adaptive card alerts when step-up policies are weakened or disabled
- SHA-256 evidence export with integrity hashing for FINRA/SEC examination support
Deployable Solution: conditional-access-automation provides PowerShell deployment scripts, Azure Automation runbook wrappers, and Power Automate flow definitions.
Implementation Playbooks
Step-by-Step Implementation
This control has detailed playbooks for implementation, automation, testing, and troubleshooting:
- Portal Walkthrough — Step-by-step portal configuration
- PowerShell Setup — Automation scripts
- Verification & Testing — Test cases and evidence collection
- Troubleshooting — Common issues and resolutions
Verification Criteria
Confirm control effectiveness by verifying:
- Agent access without MFA is denied
- Sensitive action after >15 minutes triggers step-up authentication
- Step-up with FIDO2 key succeeds for critical action
- Step-up with SMS is denied when phishing-resistant required
- Step-up events appear in sign-in logs with authentication context
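A query that serves both the "Step-Up Monitoring" configuration point (alert on step-up failures and bypass attempts) and the verification criteria above, as an added example that is not part of this control page or its solution packages. It assumes Entra sign-in logs are exported to a Log Analytics workspace (the workspace id is a placeholder) and that step-up policies follow a `CA-StepUp-` naming prefix, which is this example's convention, not the page's.

```powershell
# Added example, not from the control page or its solution packages.
# Pulls the last hour of SigninLogs from Log Analytics, expands the authentication
# contexts attached to each sign-in and the CA policies evaluated, and reports
# step-up failures: enforced blocks (verification: SMS denied when phishing-resistant
# is required) and report-only failures (what would break once policies are enforced).
# Assumptions: SigninLogs exported to the workspace; hypothetical workspace id;
# step-up policies named CA-StepUp-*.
#Requires -Modules Az.Accounts, Az.OperationalInsights

Connect-AzAccount | Out-Null
$WorkspaceId = '00000000-0000-0000-0000-000000000000'   # hypothetical Log Analytics workspace (customer) id

# AuthenticationContextClassReferences items are {id, detail}; detail is
# "required" when the context was demanded on this sign-in and
# "previouslySatisfied" when an earlier fresh auth still covered it.
$StepUpFailures = @'
SigninLogs
| where TimeGenerated > ago(1h)
| where isnotempty(AuthenticationContextClassReferences)
| mv-expand ctx = AuthenticationContextClassReferences
| extend ContextId = tostring(ctx.id), ContextDetail = tostring(ctx.detail)
| where ContextId in ("c1", "c2", "c3", "c4", "c5")
| mv-expand pol = ConditionalAccessPolicies
| where tostring(pol.displayName) startswith "CA-StepUp-"
| where tostring(pol.result) in ("failure", "reportOnlyFailure")
| project TimeGenerated, UserPrincipalName, AppDisplayName, ContextId, ContextDetail,
          Policy = tostring(pol.displayName), PolicyResult = tostring(pol.result),
          ResultType, ResultDescription, AuthenticationRequirement, IPAddress
| order by TimeGenerated desc
'@

$result   = Invoke-AzOperationalInsightsQuery -WorkspaceId $WorkspaceId -Query $StepUpFailures
$failures = @($result.Results)

# ResultType 53003 = "Access has been blocked by Conditional Access policies":
# the step-up was enforced and the user could not satisfy the grant controls.
$blocked    = @($failures | Where-Object { $_.ResultType -eq '53003' })
$reportOnly = @($failures | Where-Object { $_.PolicyResult -eq 'reportOnlyFailure' })

Write-Host ("{0} step-up failures in the last hour ({1} enforced blocks, {2} report-only failures)" -f
    $failures.Count, $blocked.Count, $reportOnly.Count)

# Repeated enforced failures for one identity inside the hour are the bypass-attempt
# signal worth paging on; a single failure is usually a user without a FIDO2 key.
$blocked | Group-Object UserPrincipalName | Where-Object { $_.Count -ge 3 } | ForEach-Object {
    Write-Warning ("Repeated step-up failures: {0} ({1} in 1h) contexts={2} from={3}" -f
        $_.Name, $_.Count,
        (($_.Group.ContextId | Sort-Object -Unique) -join ','),
        (($_.Group.IPAddress | Sort-Object -Unique) -join ','))
}
```

For the "Step-up with FIDO2 key succeeds" and ">15 minutes triggers step-up" criteria, drop the `PolicyResult` filter and check that the expected sign-in shows `ContextDetail == "required"` with `PolicyResult == "success"`; a `previouslySatisfied` detail inside the freshness window is the expected non-prompt, not a gap.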
Additional Resources
- Microsoft Learn: Authentication Contexts
- Microsoft Learn: Authentication Strengths
- Microsoft Learn: Session Controls
- NIST SP 800-63B: Digital Identity Guidelines
Updated: January 2026 | Version: v1.2 | UI Verification Status: Current