Exploring Microsoft Entra: A Comprehensive Overview and Key Features

Overview

Intruders threaten the safety of your interconnected world, but you can protect it through secure and seamless Identity and Access Management (IAM) that offers limitless visibility across your digital ecosystem. Microsoft has developed a new product family called Entra to ensure comprehensive access security across your cloud assets. Entra combines the Zero Trust approach and a growing emphasis on multi-cloud environments. This blog post elaborates on the three pillars of Entra. The focus is shifting toward modern authentication methods and security. Microsoft Entra can verify all identities and secure, manage, and govern their access to any resource.

Understanding the Motivation Behind the Name Change

Microsoft has changed the name of its IAM technologies to reflect its entry into multiple new categories. The company required a name communicating secure modern access to various products in our increasingly interconnected world. The Entra portal’s purpose is not to prevent unauthorized individuals from gaining access but to facilitate a simple and seamless process for authorized users to gain entry.

What does it not entail?

The intention of introducing Microsoft Entra is not to replace or rename Azure AD. While Azure AD continues to be Microsoft’s primary identity solution, it will be an integral component of Microsoft Entra.

A Bird's Eye View of Microsoft Entra

Microsoft Entra is now available for public preview, providing administrators access to the new Microsoft Entra admin center. The platform is automatically activated on your Azure AD tenant and is accessible through https://entra.microsoft.com/. It offers a more targeted approach to identity governance within the admin portal. Your login details are transferred from your Azure Portal or are directly accessible using your tenant credentials.

An Insight into the Microsoft Entra Admin Center

The admin center is the platform to access and manage the Microsoft Entra product family.

  1. Azure Active Directory: As a component of Microsoft Entra, Microsoft Azure Active Directory (Azure AD) delivers an integrated identity and access management solution designed to govern and secure all your users and data. It includes single sign-on, multifactor authentication, and conditional access protections. Azure AD serves as the core of this identity and access management. It is the world’s largest identity service, handling over 30 billion authentications daily. As part of Entra, Azure AD External Identities will remain the preferred solution for managing customer and partner identities.
  2. Microsoft Entra Permissions Management: Microsoft Entra Permissions Management is a cloud-based entitlement management product that allows administrators to manage permissions for any identity and resource across different cloud platforms, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). It simplifies granting access to new employees and external parties by assigning access packages to applications, groups, Teams, and SharePoint sites, with multi-stage approval. It ensures users do not retain access indefinitely through time-limited assignments and periodic access reviews. The Entra CIEM solution is distinct from Azure AD Entitlement Management. Permissions Management identifies and rectifies cases where workloads and user identities hold more permissions over actions and resources than they need across multiple cloud infrastructures. The solution automatically detects and adjusts unused and excessive permissions while continuously monitoring them.
  3. Microsoft Entra Verified ID: During the Entra preview period, customers worldwide have used credential issuance and verification for various scenarios, such as remote onboarding, inter-business collaboration, and expanding education beyond campuses. Customers across different industries have successfully issued and verified tens of thousands of credentials on the platform, speeding up remote onboarding by validating identity information for trustworthy self-service enrollment and reducing the time-to-hire. Additionally, the platform allows quick verification of an individual’s credentials and status to grant least-privilege access confidently. It replaces support calls and security questions with a streamlined self-service process for easy account recovery. The API-first approach of the platform enables customers to integrate verifiable credentials into their existing applications and services, whether hosted on-premises or on Azure, AWS, or GCP, providing an easy jumpstart model to enhance verifiability and compliance. Microsoft Entra Verified ID is available to all customers with an Azure Active Directory subscription, including Azure AD Free. Azure AD is typically used to secure access to company resources, but extending its use to verifying employment or education for loans comes with complexity and compliance risks. With Microsoft Entra Verified ID, customers can design and issue verifiable credentials representing proof of jobs, education, or other claims. The holder of a credential can choose when and with whom to share it. The credentials are signed with cryptographic keys that the user controls, and they can be presented and validated even if the issuing institution no longer exists. Verifiable credentials are standards-based, making it easy for developers to understand and integrate with the APIs included in the service. Users can manage and present credentials using Microsoft Authenticator, allowing them to control who can access them. Microsoft plans to add capabilities like selective disclosure, derived claims, and measures to prevent correlation. End-users can recover lost credentials using a mnemonic-based scheme, and Microsoft will provide custodial and social recovery solutions.
  4. Microsoft Entra Workload Identities: Entra also offers Workload Identities, which extend IAM to software workloads and provide the same level of security as for real users. Entra Workload Identities enable you to detect and mitigate threats to compromised workloads, get detailed insight into workload privileges, and create conditional access policies for workloads.
  5. Microsoft Entra Identity Management: It includes all the governance capabilities available in Azure AD, along with more advanced utilities that simplify identity management and governance. The new capabilities include lifecycle workflows, separation of duties, and connecting back to on-premises applications.
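
To make the Permissions Management item above concrete, the following added example (not from the original post and not Microsoft's algorithm) shows the basic granted-versus-used comparison behind finding unused and excessive permissions across AWS, Azure, and GCP. The identities, the activity records, the 90-day lookback window, and the 0.5 threshold are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data: (cloud, identity) -> granted actions.
GRANTS = {
    ("aws", "ci-deployer"): {"s3:GetObject", "s3:PutObject",
                             "s3:DeleteObject", "iam:PassRole"},
    ("azure", "alice@example.com"): {"Microsoft.Storage/storageAccounts/read",
                                     "Microsoft.Storage/storageAccounts/delete"},
    ("gcp", "batch-sa"): {"storage.objects.get"},
}

# Constructed activity log: (cloud, identity, action, time of use).
ACTIVITY = [
    ("aws", "ci-deployer", "s3:GetObject", "2023-05-20T10:00:00"),
    ("aws", "ci-deployer", "s3:PutObject", "2023-05-21T09:30:00"),
    ("aws", "ci-deployer", "iam:PassRole", "2022-11-02T08:00:00"),  # stale use
    ("azure", "alice@example.com",
     "Microsoft.Storage/storageAccounts/read", "2023-05-30T12:00:00"),
    ("gcp", "batch-sa", "storage.objects.get", "2023-05-29T23:10:00"),
]

def review_permissions(grants, activity, now, window_days=90, threshold=0.5):
    """Compare granted actions with actions used inside the lookback window."""
    cutoff = now - timedelta(days=window_days)
    used = {}
    for cloud, identity, action, ts in activity:
        # Use older than the cutoff does not justify keeping a permission.
        if datetime.fromisoformat(ts) >= cutoff:
            used.setdefault((cloud, identity), set()).add(action)
    reports = {}
    for key, granted in grants.items():
        # Ignore logged actions that are not part of the current grant.
        recent = used.get(key, set()) & granted
        unused = granted - recent
        ratio = len(unused) / len(granted) if granted else 0.0
        reports[key] = {
            "unused": sorted(unused),        # candidates for removal
            "right_sized": sorted(recent),   # what the identity actually needs
            "unused_ratio": round(ratio, 2),
            "over_permissioned": ratio >= threshold,
        }
    return reports

if __name__ == "__main__":
    for key, report in review_permissions(GRANTS, ACTIVITY, datetime(2023, 6, 1)).items():
        print(key, report)
```

The stale `iam:PassRole` use shows why the lookback window matters: a permission exercised once months ago is reported as unused and becomes a candidate for removal or a time-limited assignment.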

Although Microsoft Entra is a suite of products, you can choose to use any of them separately. For instance, Azure AD is a standard feature in several Microsoft products, including Dynamics 365, Intune, Office 365, Power Platform, and Microsoft 365. By enabling Azure AD, you can access its features.

To use Verified ID, you need an active Azure tenant and some extra configurations to use the Verified Credentials service. You can set up your system for Entra Verified ID on its website.

On the other hand, Entra Permissions Management is less complex and offers a free 90-day trial for you to test its functionality.

At the end of 2023, the Azure AD admin center (aad.portal.azure.com) will be phased out in favor of entra.microsoft.com. At the same time, the Azure AD admin page on the M365 portal will be redirected to Entra.

Regarding licensing, Azure AD’s IAM offering will continue to be available as a standalone license or via Microsoft 365 E3 and E5 suites. In contrast, Entra Permissions Management will be available as a standalone solution through an annual license. We can use Entra Verified ID either by itself or with a premium Azure AD license, currently available at no cost.

Conclusion

Organizations face significant identity and access management challenges, particularly as they shift towards hybrid and multi-cloud environments. Traditional technologies can no longer keep up with the constantly evolving digital landscape. Microsoft Entra has addressed these issues by providing a range of identity and access technologies under one portal. This feature ensures secure access for organizations and offers additional benefits. For instance, the inclusion of Verified ID enables organizations to provide employees and clients with identities that are solely under their control. Additionally, Permissions Management provides complete visibility of employees’ permissions, even in hybrid and multi-cloud infrastructures. With Microsoft Entra, modern organizations can access new ways of managing identity and access challenges in a rapidly changing digital landscape.

FAQs

  1. What is Microsoft Entra?

Microsoft has recently unveiled Microsoft Entra, a comprehensive offering that incorporates Microsoft’s identity and access features. This Entra suite comprises Microsoft Azure Active Directory (Azure AD) and two novel product categories: Cloud Infrastructure Entitlement Management (CIEM) and decentralized identity. These Entra products aim to ensure secure access for all users, offering identity and access management, cloud infrastructure entitlement management, and identity verification capabilities.

  2. What is the benefit of using Microsoft Entra?

Microsoft Entra tackles various identity and access management challenges, with each technology fulfilling a distinct role.

  3. What is the connection between Azure AD and Microsoft Entra?

Microsoft has integrated Azure AD into the Microsoft Entra product lineup.

WRITTEN BY Rashmi Deshmukh
