Identity-driven case management is now generally available.CrowdStrike’s latest innovations deliver strong protections, great control, and fast response times to help customers reduce risk, gain operational efficiencies, and optimize costs.
CrowdStrike uniquely brings this comprehensive solution together — all from one platform, one agent, and one console. CrowdStrike’s unified, proactive approach protects every identity and privilege, stopping adversaries cold.
FalconID introduces phishing-resistant, passwordless MFA, built on FIDO2 standards, to transform identity verification into a frictionless and secure experience. Delivered through the CrowdStrike Falcon® for Mobile app, FalconID blocks credential phishing, MFA fatigue, and session hijacking — techniques frequently used by adversaries like SCATTERED SPIDER.
With FalconID, users verify their identity on their own trusted mobile device, protecting every login with secure, passwordless authentication. Proximity checks using Bluetooth validate that only someone physically near the login attempt can approve access. This protects against attackers sending remote push requests. Authentication is bound to legitimate domains, so FalconID continues to protect a device even if adversaries create fake login pages and attempt to have a user log in.
Raising the Bar for Modern Identity Security
These announcements closely follow the launch of Falcon Next-Gen Identity Security, which redefines how organizations protect identities — human, non-human, and AI agents — across hybrid environments. Falcon Next-Gen Identity Security, delivered through the unified, AI-native CrowdStrike Falcon® platform, protects the entire identity attack chain, from malicious access and privilege abuse to lateral movement and impact.
FalconID: Phishing-Resistant MFA
CrowdStrike strengthens privileged access control with new automation, deeper integrations, and expanded hybrid identity coverage. Falcon Privileged Access, announced earlier this year, eliminates standing privileges, reduces lateral movement opportunities, and now accelerates response to misuse by making high-level permissions simple to manage. Instead of wrestling with complex Active Directory or Microsoft Entra role names, privileges can be requested using easy-to-understand, intuitive role-based labels — like Help Desk Analyst 1. This removes the need for the user to know the exact permission name and makes it simpler for the security team to control permissions.
Innovations announced today build on these capabilities. Privilege requests and revocations can now be performed directly in Microsoft Teams, to meet users where they work, and Falcon Fusion SOAR integrations deliver customized automation to ensure the right people get access exactly when needed. A new just-in-time (JIT) analytics dashboard provides real-time visibility into who has access, when they used it, and for what purpose. This works consistently across Entra ID, on-premises AD, and now local systems, which means users can request JIT privileged access when they need to download and install software on their corporate devices. Organizations can eliminate standing privileges, cut risk, and simplify operations — all from a single control point.
Forward-Looking Statements
CrowdStrike continues to raise the bar for modern identity protection. We are excited to announce innovations including phishing-resistant multifactor authentication (MFA), new privileged access capabilities, and identity-driven case management, all part of CrowdStrike Falcon® Next-Gen Identity Security.
Enhanced Falcon Privileged Access Capabilities
Adversaries move swiftly across environments, exploiting fragmented identity tools that fail to keep pace. Organizations relying on legacy solutions or bolt-on acquisitions struggle with complexity and security gaps, which increase their risk and operational costs.
These new enhancements are now available in early access.
This blog includes descriptions of products, features, or functionality which may not be currently generally available. Any such references are provided for information purposes only. The development, release, and timing of all features or functionality remain at our sole discretion and may change without notice. These statements are subject to risks, uncertainties, and assumptions that may cause actual results to differ materially from those expressed or implied. Customers should make purchasing decisions based only on services and features that are currently generally available. For more information on our existing offerings please talk to your CrowdStrike representative.
Identity-Driven Case Management
FalconID will be made generally available at a later date.
Unlike traditional MFA solutions that make binary authentication decisions, FalconID leverages real-time security telemetry from across the Falcon platform — including endpoint behavior, cloud activity, and SaaS usage patterns — to make contextual access decisions that standalone MFA providers simply can’t match. By unifying MFA with secure privileged access, ITDR, security posture, and SaaS security, FalconID helps organizations protect the entire identity security lifecycle — from malicious access and privilege abuse, to lateral movement and impact.
CrowdStrike delivers a better way forward. Falcon Next-Gen Identity Security integrates phishing-resistant MFA and modern privileged access with ITDR and SaaS security. It supercharges the SOC with identity-driven case management within Falcon Next-Gen SIEM to automatically correlate detection in real time. Falcon Next-Gen Identity Security also provides the visibility and real-time enforcement organizations need to securely protect AI agents, control the proliferation of non-human identities, and prevent adversaries from exploiting these critical attack vectors in the AI era.
A Comprehensive Solution to Protect Every Identity
CrowdStrike delivers the critical identity protection modern organizations need. Falcon Next-Gen Identity Security was built with unified initial access, modern privileged access management, identity threat detection and response (ITDR), SaaS identity security, and agentic identity protection to stop identity-driven breaches across domains. Today, we’re announcing new capabilities to build on the robust protection it already offers.
Identity-driven case management unifies identity detections with SOC workflows to accelerate investigation and response. Falcon Next-Gen Identity Security automatically creates cases within CrowdStrike Falcon Next-Gen SIEM, with identity-driven detections that map adversarial attack chains across domains.
Let’s take a closer look at what’s new.
Today’s threat landscape demands a new approach. Modern adversaries are heavily reliant on identity-based attacks and find access vectors in the gaps between siloed tools. Traditional identity and access management (IAM) and privileged access management (PAM) solutions are designed to manage access — not stop breaches. When organizations attempt to address security gaps by adding more point products, it often leads to increased complexity and risk. What’s more, AI agents and the proliferation of non-human identities behind them are creating new security gaps and identity-based risks.
These cases are dynamically enriched in real time with telemetry across the Falcon platform as Falcon Next-Gen SIEM correlates detections across identity, endpoint, cloud, and SaaS. Leveraging agentic AI, the Falcon platform automates critical analyst workflows such as enforcing MFA, revoking privileges, or isolating compromised systems to accelerate response and reduce manual investigations.
